Pass Exam With Full Sureness - CIPP-US Dumps with 152 Questions [Q59-Q76]

4/5 - (4 votes)

Pass Exam With Full Sureness – CIPP-US Dumps with 152 Questions

Verified CIPP-US dumps Q&As – 100% Pass from PrepAwayPDF

NEW QUESTION 59
Which of the following types of information would an organization generally NOT be required to disclose to law enforcement?

Information about medication errors under the Food, Drug and Cosmetic Act

Money laundering information under the Bank Secrecy Act of 1970

Information about workspace injuries under OSHA requirements

Personal health information under the HIPAA Privacy Rule

NEW QUESTION 60
If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as an agent, the organization must ensure the third party does all of the following EXCEPT?

Uses the transferred data for limited purposes

Provides the same level of privacy protection as the organization

Notifies the organization if it can no longer meet its requirements for proper data handling

Enters a contract with the organization that states the third party will process data according to the consent agreement

NEW QUESTION 61
Which of these organizations would be required to provide its customers with an annual privacy notice?

The Four Winds Tribal College.

The Golden Gavel Auction House.

The King County Savings and Loan.

The Breezy City Housing Commission.

NEW QUESTION 62
What is a legal document approved by a judge that formalizes an agreement between a governmental agency and an adverse party called?

A consent decree

Stare decisis decree

A judgment rider

Common law judgment

NEW QUESTION 63
Under the Fair and Accurate Credit Transactions Act (FACTA), what is the most appropriate action for a car dealer holding a paper folder of customer credit reports?

To follow the Disposal Rule by having the reports shredded

To follow the Red Flags Rule by mailing the reports to customers

To follow the Privacy Rule by notifying customers that the reports are being stored

To follow the Safeguards Rule by transferring the reports to a secure electronic file

NEW QUESTION 64
If an organization maintains data classified as high sensitivity in the same system as data classified as low sensitivity, which of the following is the most likely outcome?

The organization will still be in compliance with most sector-specific privacy and security laws.

The impact of an organizational data breach will be more severe than if the data had been segregated.

Temporary employees will be able to find the data necessary to fulfill their responsibilities.

The organization will be able to address legal discovery requests efficiently without producing more information than necessary.

NEW QUESTION 65
SCENARIO
Please use the following to answer the next QUESTION:
Matt went into his son’s bedroom one evening and found him stretched out on his bed typing on his laptop. “Doing your network?” Matt asked hopefully.
“No,” the boy said. “I’m filling out a survey.”
Matt looked over his son’s shoulder at his computer screen. “What kind of survey?” “It’s asking Questions about my opinions.”
“Let me see,” Matt said, and began reading the list of Questions that his son had already answered. “It’s asking your opinions about the government and citizenship. That’s a little odd. You’re only ten.” Matt wondered how the web link to the survey had ended up in his son’s email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.
To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his name, address, telephone number, and date of birth, and to answer Questions about his favorite games and toys.
Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son’s inbox, and he decided it was time to report the incident to the proper authorities.
How could the marketer have best changed its privacy management program to meet COPPA “Safe Harbor” requirements?

By receiving FTC approval for the content of its emails

By making a COPPA privacy notice available on website

By participating in an approved self-regulatory program

By regularly assessing the security risks to consumer privacy

NEW QUESTION 66
Smith Memorial Healthcare (SMH) is a hospital network headquartered in New York and operating in 7 other states. SMH uses an electronic medical record to enter and track information about its patients. Recently, SMH suffered a data breach where a third-party hacker was able to gain access to the SMH internal network.
Because it is a HIPPA-covered entity, SMH made a notification to the Office of Civil Rights at the U.S. Department of Health and Human Services about the breach.
Which statement accurately describes SMH’s notification responsibilities?

If SMH is compliant with HIPAA, it will not have to make a separate notification to individuals in the state of New York.

If SMH has more than 500 patients in the state of New York, it will need to make separate notifications to these patients.

If SMH must make a notification in any other state in which it operates, it must also make a notification to individuals in New York.

If SMH makes credit monitoring available to individuals who inquire, it will not have to make a separate

NEW QUESTION 67
What are banks required to do under the Gramm-Leach-Bliley Act (GLBA)?

Conduct annual consumer surveys regarding satisfaction with user preferences

Process requests for changes to user preferences within a designated time frame

Provide consumers with the opportunity to opt out of receiving telemarketing phone calls

Offer an Opt-Out before transferring PI to an unaffiliated third party for the latter’s own use

NEW QUESTION 68
Within what time period must a commercial message sender remove a recipient’s address once they have asked to stop receiving future e-mail?

7 days

10 days

15 days

21 days

NEW QUESTION 69
Acme Student Loan Company has developed an artificial intelligence algorithm that determines whether an individual is likely to pay their bill or default. A person who is determined by the algorithm to be more likely to default will receive frequent payment reminder calls, while those who are less likely to default will not receive payment reminders.
Which of the following most accurately reflects the privacy concerns with Acme Student Loan Company using artificial intelligence in this manner?

If the algorithm uses risk factors that impact the automatic decision engine. Acme must ensure that the algorithm does not have a disparate impact on protected classes in the output.

If the algorithm makes automated decisions based on risk factors and public information, Acme need not determine if the algorithm has a disparate impact on protected classes.

If the algorithm’s methodology is disclosed to consumers, then it is acceptable for Acme to have a disparate impact on protected classes.

If the algorithm uses information about protected classes to make automated decisions, Acme must ensure that the algorithm does not have a disparate impact on protected classes in the output.

NEW QUESTION 70
Federal laws establish which of the following requirements for collecting personal information of minors under the age of 13?

Implied consent from a minor’s parent or guardian, or affirmative consent from the minor.

Affirmative consent from a minor’s parent or guardian before collecting the minor’s personal information online.

Implied consent from a minor’s parent or guardian before collecting a minor’s personal information online, such as when they permit the minor to use the internet.

Affirmative consent of a parent or guardian before collecting personal information of a minor offline (e.g., in person), which also satisfies any requirements for online consent.

NEW QUESTION 71
All of the following organizations are specified as covered entities under the Health Insurance Portability and Accountability Act (HIPAA) EXCEPT?

Healthcare information clearinghouses

Pharmaceutical companies

Healthcare providers

Health plans

NEW QUESTION 72
Which statute is considered part of U.S. federal privacy law?

The Fair Credit Reporting Act.

SB 1386.

The Personal Information Protection and Electronic Documents Act.

The e-Privacy Directive.

NEW QUESTION 73
Most states with data breach notification laws indicate that notice to affected individuals must be sent in the
“most expeditious time possible without unreasonable delay.” By contrast, which of the following states currently imposes a definite limit for notification to affected individuals?

Maine

Florida

New York

California

NEW QUESTION 74
In 2012, the White House and the FTC both issued reports advocating a new approach to privacy enforcement that can best be described as what?

Harm-based.

Self-regulatory.

Comprehensive.

Notice and choice.

NEW QUESTION 75
A covered entity suffers a ransomware attack that affects the personal health information (PHI) of more than 500 individuals. According to Federal law under HIPAA, which of the following would the covered entity NOT have to report the breach to?

Department of Health and Human Services

The affected individuals

The local media

Medical providers

NEW QUESTION 76
Most states with data breach notification laws indicate that notice to affected individuals must be sent in the “most expeditious time possible without unreasonable delay.” By contrast, which of the following states currently imposes a definite limit for notification to affected individuals?

Maine

Florida

New York

California