











CIPP/US, CIPP/US Practice Questions, CIPP/US, CIPP US detailed answers updated
Typology: Exams
In what ways can the enforcement action be brought to the FTC's attention? Which agency is responsible for educational privacy? What are some of the ways that the FTC has played a prominent role in the development of US privacy standards? Access Americans with Disabilities Act (ADA) Consumer Financial Protection Bureau (CFPB) Choice Common Law Consent Decree
another as to lower him in the estimation of the community or to deter third persons from associating or dealing with him. Discovery in civil litigation dealing with the exchange of information in electronic format, often requiring digital forensics analysis. A category of information that can include e-mail, word-processing documents, server logs, instant messaging transcripts, voicemail systems, social networking records, thumb drives, or data on SD cards. A federal agency overseeing many laws preventing discrimination in the workplace, including Title VII of the Civil Rights Act, the Age Discrimination in Employment Act of 1967 (ADEA) and Titles I and V of the Americans with Disabilities Act of 1990 (ADA). Privileges limiting or prohibiting disclosure of personal information in the context of investigations and litigation, such as attorney-client privilege. Enacted in 1970 to regulate the consumer reporting industry and provide privacy rights in consumer reports. "This" mandates accurate and relevant data collection, provides consumers with the ability to access and correct their information, and limits the use of consumer reports to defined permissible purposes. An independent consumer protection agency governed by a chairman and four other commissioners with the authority to enforce against unfair and deceptive trade practices. Established in 2010 by the FTC and enforcement authorities from around the world, "it" aims to promote cross-border information sharing as well as investigation and enforcement cooperation among privacy authorities around the world.
Gramm-Leach-Bliley Act (GLBA) Health Information Health Insurance Portability and Accountability Act of 1996 (HIPAA) National Labor Relations Board (NLRB) National Security Letter (NSL) Also known as the Financial Services Modernization Act of 1999, "this" is a United States federal law to control the ways that financial institutions deal with the private information of individuals. Any information related to the past, present or future physical or mental condition, provision of health care or payment for health care for a specific individual. A U.S. law passed to create national standards for electronic healthcare transactions, among other purposes. Requires the U.S. Department of Health and Human Services to promulgate regulations to protect the privacy and security of personal health information. The basic rule is that patients have to opt-in before their information can be shared with other organizations - although there are important exceptions such as for treatment, payment and healthcare operations. An independent agency of the United States government responsible for investigating and remedying unfair labor practices. A category of subpoena generally issued to seek records considered relevant to protect against international terrorism or clandestine intelligence activities. Negligence The failure to exercise the care that a reasonably prudent person would exercise in like circumstances, leading to unintended harm. A description of an organization's information management Notice Organisation for Economic Co-operation and Development (OECD) Personal Health Information (PHI) practices, with the purposes of consumer education and corporate accountability. A multinational organization with the goal of creating policies that contribute to the economic, environmental, and social well-being of its member countries. Any individually identifiable health information with data elements which could reasonably be expected to allow individual identification.
Personal Health Record (PHR) A record maintained by the patient to track health and medical care information across a duration of time. Preemption The ability for one government's laws to supersede
Private Right of Action The ability of an individual harmed by a violation of law to bring suit against the violator. Privilege A rule of evidence that protects confidential information communicated between a client and legal advisor. A judge-issued determination of what information contained in Protective Order court records should not be made public and what conditions apply to who may access the protected information. Publicity Given to Private Life A tort claim that considers publicity given to an individual's private life by another is an invasion of privacy and subject to liability. Under HIPAA, "it" prohibits the use or disclosure of PHI for any Qualified Protection Order (QPO) Red Flags Rule Redaction Sedona Conference Stored Communications Substitute Notice purpose other than the litigation for which the information was requested; it also requires the return of PHI to the covered entity at the close of litigation. Promulgated under FACTA, "this" requires certain financial entities to develop and implement identity theft detection programs to identify and respond to "red flags" that signal identity theft. The practice of identifying and removing or blocking information from documents being produced pursuant to a discovery request or evidence in a court proceeding. A nonprofit research and educational institute responsible for the establishment of standards and best practices for managing electronic discovery compliance through data retention policies. A category of data prohibited from unauthorized acquisition, alteration or blocking while stored in a facility through which electronic communications service is provided. Pursuant to breach notification laws, certain entities must provide for substitute notice of data breach in a situation where insufficient or out-of-date contact information is held. Trust Marks Demonstration of compliance with self-regulatory programs by display of a seal, logo, or certification.
Unfair Trade Practices Along with deceptive trade practices, behavior of an organization that can be enforced against by the FTC.
Authentication The identification of an individual account user based on a combination of security measures. After authentication, the process of determining if the end user is Authorization permitted to have access to the desired resource, such as the information asset or the information system containing the asset.
the patient at a medical facility, the employee of a company, or the customer of a retail store. The EU Directive was adopted in 1995 and became effective in 1998 and protects individuals' privacy and personal data use. The Directive recognizes the European view that privacy is a fundamental human right, and establishes a general comprehensive legal framework that is aimed at protecting individuals and promoting individual choice regarding the processing of personal data. Constitutional guarantees that the citizenry may "have the data" archived about them by governmental and commercial repositories.
Privacy Impact Assessment (PIA) Checklists or tools to ensure that a personal information system is evaluated for privacy risks and designed with life cycle principles in mind. An effective PIA evaluates the sufficiency of privacy practices and policies with respect to legal, regulatory and industry standards, and maintains consistency between policy and practice. Sectoral Model This framework protects personal information by enacting laws that address a particular industry sector. That which is more significantly related to the notion of a Sensitive Personal Information Opt In Opt Out What are the four phases of privacy program development? What are the elements of data sharing and transfer? What are the four elements of privacy policies and disclosure?
What are the six phases of privacy incident response programs? What are the three elements of data subject preference and access What are the two elements of vendor management? Which branch of the U.S. Federal Government makes laws? Where is privacy mentioned in the U.S. Constitution? What federal agency is the most active in enforcing privacy rights? How does punishment differ in civil and criminal cases? When an FTC investigation finds a company guilty of violating privacy, what are its two recourses? What was the basis of the FTC's findings against BJ's Wholesale Club?
It's not. Usually privacy falls under the 4th amendment. FTC Civil punishments are compensation such as monetary and injunctive while criminal punishments include fine, incarceration, and death.
Unfair practices because private data was not encrypted during transmission
Preponderance of evidence Beyond a reasonable doubt
unfair or deceptive acts or practices in or affecting commerce.
What does the FTC consider a deceptive practice? What does the FTC consider an unfair practice? What does the "Consumer Privacy Bill of Rights" emphasize? What does the "Consumer Privacy Bill of Rights" prioritize? What are the three goals of APEC Cross-border Privacy Enforcement Arrangement (CPEA) What are the three components of self-regulatory enforcement? Saying one thing and completely going against it When reasonable practices are not being followed
What does HIPAA require? Covered entities to protect health information that is transmitted or maintained in any form or medium
List the three HIPAA covered entities Does HIPAA preempt stronger state laws? form
Who enforces HIPAA? The U.S. Department of Health & Human Services (HHS) What are the punishments for non-compliance of HIPAA? What are the elements of the HIPAA Privacy Rule?
What are the elements of the HIPAA Security Rule?