
[Sep-2021] Pass IAPP CIPP-US Exam in First Attempt Guaranteed! [Q88-Q106]


NEW QUESTION 88
The Cable Communications Policy Act of 1984 requires which activity?

  • A. Delivery of an annual notice detailing how subscriber information is to be used
  • B. Destruction of personal information a maximum of six months after it is no longer needed
  • C. Obtaining subscriber consent for disseminating any personal information necessary to render cable services
  • D. Notice to subscribers of any investigation involving unauthorized reception of cable services

Answer: D

NEW QUESTION 89
All of the following organizations are specified as covered entities under the Health Insurance Portability and Accountability Act (HIPAA) EXCEPT?

  • A. Healthcare providers
  • B. Healthcare information clearinghouses
  • C. Pharmaceutical companies
  • D. Health plans

Answer: C

NEW QUESTION 90
How did the Fair and Accurate Credit Transactions Act (FACTA) amend the Fair Credit Reporting Act (FCRA)?

  • A. It increased the obligation of organizations to dispose of consumer data in ways that prevent unauthorized access
  • B. It required employers to get an employee's consent in advance of requesting a consumer report for internal investigation purposes
  • C. It stipulated the purpose of obtaining a consumer report can only be for a review of the employee's credit worthiness
  • D. It expanded the definition of "consumer reports" to include communications relating to employee investigations

Answer: A

NEW QUESTION 91
Even when dealing with an organization subject to the CCPA, California residents are NOT legally entitled to request that the organization do what?

  • A. Delete their personal information.
  • B. Correct their personal information.
  • C. Disclose their personal information to them.
  • D. Refrain from selling their personal information to third parties.

Answer: B

NEW QUESTION 92
U.S. federal laws protect individuals from employment discrimination based on all of the following EXCEPT?

  • A. Pregnancy.
  • B. Marital status.
  • C. Genetic information.
  • D. Age.

Answer: A

NEW QUESTION 93
What was the original purpose of the Foreign Intelligence Surveillance Act?

  • A. To further define what information can reasonably be under surveillance in public places under the USA PATRIOT Act, such as Internet access in public libraries.
  • B. To further define a framework for authorizing wiretaps by the executive branch for national security purposes under Article II of the Constitution.
  • C. To further clarify a reasonable expectation of privacy stemming from the Katz v. United States decision.
  • D. To further clarify when a warrant is not required for a wiretap performed internally by the telephone company outside the suspect's home, stemming from the Olmstead v. United States decision.

Answer: A

NEW QUESTION 94
What is the main purpose of the CAN-SPAM Act?

  • A. To empower the FTC to create rules for messages containing sexually explicit content
  • B. To authorize the states to enforce federal privacy laws for electronic marketing
  • C. To diminish the use of electronic messages to send sexually explicit materials
  • D. To ensure that organizations respect individual rights when using electronic advertising

Answer: D

Explanation:
Reference: https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business

NEW QUESTION 95
Under the Fair Credit Reporting Act (FCRA), what must a person who is denied employment based upon his credit history receive?

  • A. A list of rights from the Consumer Financial Protection Bureau (CFPB).
  • B. A prompt notification from the employer.
  • C. Information from several consumer reporting agencies (CRAs).
  • D. An opportunity to reapply with the employer.

Answer: B

NEW QUESTION 96
If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as an agent, the organization must ensure the third party does all of the following EXCEPT?

  • A. Uses the transferred data for limited purposes
  • B. Notifies the organization if it can no longer meet its requirements for proper data handling
  • C. Enters a contract with the organization that states the third party will process data according to the consent agreement
  • D. Provides the same level of privacy protection as the organization

Answer: C

NEW QUESTION 97
California's SB 1386 was the first law of its type in the United States to do what?

  • A. Require commercial entities to disclose a security data breach concerning personal information about the state's residents
  • B. Require notification of non-California residents of a breach that occurred in California
  • C. Require encryption of sensitive information stored on servers that are Internet connected
  • D. Require state attorney general enforcement of federal regulations against unfair and deceptive trade practices

Answer: A

NEW QUESTION 98
SCENARIO
Please use the following to answer the next QUESTION:
When there was a data breach involving customer personal and financial information at a large retail store, the company's directors were shocked. However, Roberta, a privacy analyst at the company and a victim of identity theft herself, was not. Prior to the breach, she had been working on a privacy program report for the executives. How the company shared and handled data across its organization was a major concern. There were neither adequate rules about access to customer information nor procedures for purging and destroying outdated data. In her research, Roberta had discovered that even low-level employees had access to all of the company's customer data, including financial records, and that the company still had in its possession obsolete customer data going back to the 1980s.
Her report recommended three main reforms. First, permit access on a need-to-know basis. This would mean restricting employees' access to customer information to data that was relevant to the work performed. Second, create a highly secure database for storing customers' financial information (e.g., credit card and bank account numbers) separate from less sensitive information. Third, identify outdated customer information and then develop a process for securely disposing of it.
When the breach occurred, the company's executives called Roberta to a meeting where she presented the recommendations in her report. She explained that the company having a national customer base meant it would have to ensure that it complied with all relevant state breach notification laws. Thanks to Roberta's guidance, the company was able to notify customers quickly and within the specific timeframes set by state breach notification laws.
Soon after, the executives approved the changes to the privacy program that Roberta recommended in her report. The privacy program is far more effective now because of these changes and, also, because privacy and security are now considered the responsibility of every employee.
What could the company have done differently prior to the breach to reduce their risk?

  • A. Looked for any persistent threats to security that could compromise the company's network.
  • B. Implemented a comprehensive policy for accessing customer information.
  • C. Communicated requests for changes to users' preferences across the organization and with third parties.
  • D. Honored the promise of its privacy policy to acquire information by using an opt-in method.

Answer: A

NEW QUESTION 99
Which of the following best describes an employer's privacy-related responsibilities to an employee who has left the workplace?

  • A. An employer has a responsibility to maintain a former employee's access to computer systems and company data needed to support claims against the company such as discrimination.
  • B. An employer may consider any privacy-related responsibilities terminated, as the relationship between employer and employee is considered primarily contractual.
  • C. An employer has a responsibility to permanently delete or expunge all sensitive employment records to minimize privacy risks to both the employer and former employee.
  • D. An employer has a responsibility to maintain the security and privacy of any sensitive employment records retained for a legitimate business purpose.

Answer: C

NEW QUESTION 100
Which statute is considered part of U.S. federal privacy law?

  • A. The Personal Information Protection and Electronic Documents Act.
  • B. The e-Privacy Directive.
  • C. The Fair Credit Reporting Act.
  • D. SB 1386.

Answer: C

NEW QUESTION 101
An organization self-certified under Privacy Shield must, upon request by an individual, do what?

  • A. Identify all personal information disclosed during a criminal investigation.
  • B. Provide the identities of third and fourth parties that may potentially receive personal information.
  • C. Suspend the use of all personal information collected by the organization to fulfill its original purpose.
  • D. Provide the identities of third parties with whom the organization shares personal information.

Answer: D

NEW QUESTION 102
Federal laws establish which of the following requirements for collecting personal information of minors under the age of 13?

  • A. Affirmative consent from a minor's parent or guardian before collecting the minor's personal information online.
  • B. Implied consent from a minor's parent or guardian before collecting a minor's personal information online, such as when they permit the minor to use the internet.
  • C. Implied consent from a minor's parent or guardian, or affirmative consent from the minor.
  • D. Affirmative consent of a parent or guardian before collecting personal information of a minor offline (e.g., in person), which also satisfies any requirements for online consent.

Answer: A

Explanation:
Reference: https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions-0

NEW QUESTION 103
John, a California resident, receives notification that a major corporation with $500 million in annual revenue has experienced a data breach. John's personal information in their possession has been stolen, including his full name and social security number. John also learns that the corporation did not have reasonable cybersecurity measures in place to safeguard his personal information.
Which of the following answers most accurately reflects John's ability to pursue a legal claim against the corporation under the California Consumer Privacy Act (CCPA)?

  • A. John can sue the corporation for the data breach but only to recover monetary damages he actually suffered as a result of the data breach.
  • B. John has no right to sue the corporation because the CCPA does not address any data breach rights.
  • C. John cannot sue the corporation for the data breach because only the state's Attorney General has authority to file suit under the CCPA.
  • D. John can sue the corporation for the data breach to recover monetary damages suffered as a result of the data breach, and in some circumstances seek statutory damages irrespective of whether he suffered any financial harm.

Answer: A

NEW QUESTION 104
SCENARIO
Please use the following to answer the next QUESTION:
A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer's data handling practices.
The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her withdrawal of consent and request for erasure of her personal data. Your organization, the US-based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: "Please act immediately by identifying all personal data received from our company." This is an important partnership. Company executives know that its biggest fans come from Western Europe, and this retailer is primarily responsible for the startup's rapid market penetration.
As the Company's data privacy leader, you are sensitive to the criticality of the relationship with the retailer.
Under the GDPR, the complainant's request regarding her personal information is known as what?

  • A. Right to Be Forgotten
  • B. Right of Rectification
  • C. Right of Access
  • D. Right of Removal

Answer: D

NEW QUESTION 105
SCENARIO
Please use the following to answer the next QUESTION:
When there was a data breach involving customer personal and financial information at a large retail store, the company's directors were shocked. However, Roberta, a privacy analyst at the company and a victim of identity theft herself, was not. Prior to the breach, she had been working on a privacy program report for the executives. How the company shared and handled data across its organization was a major concern. There were neither adequate rules about access to customer information nor procedures for purging and destroying outdated data. In her research, Roberta had discovered that even low-level employees had access to all of the company's customer data, including financial records, and that the company still had in its possession obsolete customer data going back to the 1980s.
Her report recommended three main reforms. First, permit access on a need-to-know basis. This would mean restricting employees' access to customer information to data that was relevant to the work performed. Second, create a highly secure database for storing customers' financial information (e.g., credit card and bank account numbers) separate from less sensitive information. Third, identify outdated customer information and then develop a process for securely disposing of it.
When the breach occurred, the company's executives called Roberta to a meeting where she presented the recommendations in her report. She explained that the company having a national customer base meant it would have to ensure that it complied with all relevant state breach notification laws. Thanks to Roberta's guidance, the company was able to notify customers quickly and within the specific timeframes set by state breach notification laws.
Soon after, the executives approved the changes to the privacy program that Roberta recommended in her report. The privacy program is far more effective now because of these changes and, also, because privacy and security are now considered the responsibility of every employee.
Based on the problems with the company's privacy security that Roberta identifies, what is the most likely cause of the breach?

  • A. Fraud involving credit card theft at point-of-service terminals.
  • B. Unintended disclosure of information shared with a third party.
  • C. Lost company property such as a computer or flash drive.
  • D. Mishandling of information caused by lack of access controls.

Answer: D

NEW QUESTION 106
......
