
CIPP/US, CIPP/US Practice Questions, CIPP/US, CIPP US detailed answers updated, Exams of Advanced Education

Typology: Exams

2024/2025

Available from 07/06/2025

tizian-mwangi

In what ways can the enforcement action be brought to the FTC's attention?
1. press reports covering the questionable practices
2. complaints from consumer groups of competitors

Which agency is responsible for educational privacy?
Department of Education

What are some of the ways that the FTC has played a prominent role in the development of US privacy standards?
The FTC conducts public workshops on privacy issues, and reports on privacy policy and enforcement.

Access
The ability to view personal information held by an organization. This may be supplemented by allowing updates or corrections to the information. U.S. laws often provide for "this" and correction when the information is used for any type of substantive decision making, such as for credit reports.

Americans with Disabilities Act (ADA)
Bars discrimination against qualified individuals with disabilities; places restrictions on pre-employment medical screening.

Consumer Financial Protection Bureau (CFPB)
Has enforcement power for unfair, deceptive or abusive acts and practices for financial institutions.

Choice
The ability to specify whether personal information will be collected and/or how it will be used or disclosed. "It" can be express or implied.

Common Law
Legal principles that have developed over time in judicial decisions (case law), often drawing on social customs and expectations.

Consent Decree
A judgment entered by consent of the parties (a federal or state agency and an adverse party) whereby the defendant agrees to stop alleged illegal activity, typically without admitting guilt or wrongdoing.

another as to lower him in the estimation of the community or to deter third persons from associating or dealing with him.

Discovery in civil litigation dealing with the exchange of information in electronic format, often requiring digital forensics analysis.

A category of information that can include e-mail, word-processing documents, server logs, instant messaging transcripts, voicemail systems, social networking records, thumb drives, or data on SD cards.

A federal agency overseeing many laws preventing discrimination in the workplace, including Title VII of the Civil Rights Act, the Age Discrimination in Employment Act of 1967 (ADEA) and Titles I and V of the Americans with Disabilities Act of 1990 (ADA).

Privileges limiting or prohibiting disclosure of personal information in the context of investigations and litigation, such as attorney-client privilege.

Enacted in 1970 to regulate the consumer reporting industry and provide privacy rights in consumer reports. "This" mandates accurate and relevant data collection, provides consumers with the ability to access and correct their information, and limits the use of consumer reports to defined permissible purposes.

An independent consumer protection agency governed by a chairman and four other commissioners with the authority to enforce against unfair and deceptive trade practices.

Established in 2010 by the FTC and enforcement authorities from around the world, "it" aims to promote cross-border information sharing as well as investigation and enforcement cooperation among privacy authorities around the world.

Gramm-Leach-Bliley Act (GLBA)
Also known as the Financial Services Modernization Act of 1999, "this" is a United States federal law to control the ways that financial institutions deal with the private information of individuals.

Health Information
Any information related to the past, present or future physical or mental condition, provision of health care or payment for health care for a specific individual.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)
A U.S. law passed to create national standards for electronic healthcare transactions, among other purposes. Requires the U.S. Department of Health and Human Services to promulgate regulations to protect the privacy and security of personal health information. The basic rule is that patients have to opt-in before their information can be shared with other organizations, although there are important exceptions such as for treatment, payment and healthcare operations.

National Labor Relations Board (NLRB)
An independent agency of the United States government responsible for investigating and remedying unfair labor practices.

National Security Letter (NSL)
A category of subpoena generally issued to seek records considered relevant to protect against international terrorism or clandestine intelligence activities.

Negligence
The failure to exercise the care that a reasonably prudent person would exercise in like circumstances, leading to unintended harm.

Notice
A description of an organization's information management practices, with the purposes of consumer education and corporate accountability.

Organisation for Economic Co-operation and Development (OECD)
A multinational organization with the goal of creating policies that contribute to the economic, environmental, and social well-being of its member countries.

Personal Health Information (PHI)
Any individually identifiable health information with data elements which could reasonably be expected to allow individual identification.

Personal Health Record (PHR)
A record maintained by the patient to track health and medical care information across a duration of time.

Preemption
The ability for one government's laws to supersede

Private Right of Action
The ability of an individual harmed by a violation of law to bring suit against the violator.

Privilege
A rule of evidence that protects confidential information communicated between a client and legal advisor.

Protective Order
A judge-issued determination of what information contained in court records should not be made public and what conditions apply to who may access the protected information.

Publicity Given to Private Life
A tort claim that considers publicity given to an individual's private life by another is an invasion of privacy and subject to liability.

Qualified Protection Order (QPO)
Under HIPAA, "it" prohibits the use or disclosure of PHI for any purpose other than the litigation for which the information was requested; it also requires the return of PHI to the covered entity at the close of litigation.

Red Flags Rule
Promulgated under FACTA, "this" requires certain financial entities to develop and implement identity theft detection programs to identify and respond to "red flags" that signal identity theft.

Redaction
The practice of identifying and removing or blocking information from documents being produced pursuant to a discovery request or evidence in a court proceeding.

Sedona Conference
A nonprofit research and educational institute responsible for the establishment of standards and best practices for managing electronic discovery compliance through data retention policies.

Stored Communications
A category of data prohibited from unauthorized acquisition, alteration or blocking while stored in a facility through which electronic communications service is provided.

Substitute Notice
Pursuant to breach notification laws, certain entities must provide for substitute notice of data breach in a situation where insufficient or out-of-date contact information is held.

Trust Marks
Demonstration of compliance with self-regulatory programs by display of a seal, logo, or certification.

Unfair Trade Practices
Along with deceptive trade practices, behavior of an organization that can be enforced against by the FTC.

Authentication
The identification of an individual account user based on a combination of security measures.

Authorization
After authentication, the process of determining if the end user is permitted to have access to the desired resource, such as the information asset or the information system containing the asset.

the patient at a medical facility, the employee of a company, or the customer of a retail store.

The EU Directive was adopted in 1995 and became effective in 1998 and protects individuals' privacy and personal data use. The Directive recognizes the European view that privacy is a fundamental human right, and establishes a general comprehensive legal framework that is aimed at protecting individuals and promoting individual choice regarding the processing of personal data.

Constitutional guarantees that the citizenry may "have the data" archived about them by governmental and commercial repositories.

Privacy Impact Assessment (PIA)
Checklists or tools to ensure that a personal information system is evaluated for privacy risks and designed with life cycle principles in mind. An effective PIA evaluates the sufficiency of privacy practices and policies with respect to legal, regulatory and industry standards, and maintains consistency between policy and practice.

Sectoral Model
This framework protects personal information by enacting laws that address a particular industry sector.

Sensitive Personal Information
That which is more significantly related to the notion of a

Opt In

Opt Out

What are the four phases of privacy program development?

What are the elements of data sharing and transfer?

What are the four elements of privacy policies and disclosure?

What are the six phases of privacy incident response programs?
1. Detection
2. Prevent further activity
3. Investigation
4. Notice
5. Review
6. Corrective actions

What are the three elements of data subject preference and access?
1. Opt-in, opt-out, no option
2. Managing preferences
3. Access and redress

What are the two elements of vendor management?
1. Contracts
  • Confidentiality
  • No further use
  • Subcontractors
  • Breach disclosure
  • Information security
2. Due diligence
  • Reputation
  • Financial condition, insurance
  • Information security
  • Point of transfer
  • Disposal
  • Training and user awareness
  • Incident response

Which branch of the U.S. Federal Government makes laws?
Legislative

Where is privacy mentioned in the U.S. Constitution?
It's not. Usually privacy falls under the 4th amendment.

What federal agency is the most active in enforcing privacy rights?
FTC

How does punishment differ in civil and criminal cases?
Civil punishments are compensation such as monetary and injunctive while criminal punishments include fine, incarceration, and death.

When an FTC investigation finds a company guilty of violating privacy, what are its two recourses?
1. Administrative trial
2. Consent decree

What was the basis of the FTC's findings against BJ's Wholesale Club?
Unfair practices because private data was not encrypted during transmission

Preponderance of evidence
Beyond a reasonable doubt

1. Negligence - absence of, or failure to exercise, proper or ordinary care.
2. Breach of Warranty - failure of a seller to fulfill the terms of a promise, claim, or representation.
3. Misrepresentation - false security about the safety of a particular product.
4. Defamation - an untruth about another which untruth will harm the reputation of the person defamed (written defamation is libel; oral defamation is slander).
5. Strict tort liability - extending the responsibility of the vendor or manufacturer to all individuals who might be injured by the product.

unfair or deceptive acts or practices in or affecting commerce.

1. Regulates collection and use of children's information by commercial website operators.
2. Compels website owners to adhere to specific notice and choice practices.
3. Applies to websites and services targeted to children under 13.

FTC

FTC

What does the FTC consider a deceptive practice?
Saying one thing and completely going against it

What does the FTC consider an unfair practice?
When reasonable practices are not being followed

What does the "Consumer Privacy Bill of Rights" emphasize?
1. Privacy by Design
2. Simplified choice
3. Transparency

What does the "Consumer Privacy Bill of Rights" prioritize?
1. Do not track
2. Mobile
3. Large platform providers
4. Enforceable self-regulation

What are the three goals of APEC Cross-border Privacy Enforcement Arrangement (CPEA)?
1. Facilitate information sharing
2. Promote effective cross-border cooperation
3. Encourage information sharing and investigative/enforcement cooperation

What are the three components of self-regulatory enforcement?
1. Legislation - Who determines the rules?
2. Enforcement - Who initiates actions?
3. Adjudication - Who decides if something is in violation?

What does HIPAA require?
Covered entities to protect health information that is transmitted or maintained in any form or medium

List the three HIPAA covered entities
1. Healthcare providers that conduct transactions in electronic form
2. Health insurers
3. Health clearinghouses

Does HIPAA preempt stronger state laws?
No

Who enforces HIPAA?
The U.S. Department of Health & Human Services (HHS)

What are the punishments for non-compliance of HIPAA?

What are the elements of the HIPAA Privacy Rule?

What are the elements of the HIPAA Security Rule?
1. Confidentiality, integrity and availability of ePHI
2. Protection against threats to ePHI
3. No unreasonable uses or disclosures of information not required under the Privacy Rule