• Home
  • Articles
  • Free CIPP-US Exam Files Verified & Correct Answers Downloaded Instantly [Q86-Q103]

Free CIPP-US Exam Files Verified & Correct Answers Downloaded Instantly [Q86-Q103]

Share

Free CIPP-US Exam Files Verified & Correct Answers Downloaded Instantly

Instant Download CIPP-US Dumps Q&As Provide PDF&Test Engine


IAPP CIPP-US Exam is a rigorous and challenging exam that requires extensive knowledge and expertise in the field of privacy. Individuals who wish to take the exam must have a good understanding of the basic principles of data protection and privacy laws in the US. They must also be familiar with the latest developments in the field and be able to apply this knowledge to real-world scenarios.

 

NEW QUESTION # 86
SCENARIO
Please use the following to answer the next QUESTION
Noah is trying to get a new job involving the management of money. He has a poor personal credit rating, but he has made better financial decisions in the past two years.
One potential employer, Arnie's Emporium, recently called to tell Noah he did not get a position. As part of the application process, Noah signed a consent form allowing the employer to request his credit report from a consumer reporting agency (CRA). Noah thinks that the report hurt his chances, but believes that he may not ever know whether it was his credit that cost him the job. However, Noah is somewhat relieved that he was not offered this particular position. He noticed that the store where he interviewed was extremely disorganized. He imagines that his credit report could still be sitting in the office, unsecured.
Two days ago, Noah got another interview for a position at Sam's Market. The interviewer told Noah that his credit report would be a factor in the hiring decision. Noah was surprised because he had not seen anything on paper about this when he applied.
Regardless, the effect of Noah's credit on his employability troubles him, especially since he has tried so hard to improve it. Noah made his worst financial decisions fifteen years ago, and they led to bankruptcy. These were decisions he made as a young man, and most of his debt at the time consisted of student loans, credit card debt, and a few unpaid bills - all of which Noah is still working to pay off. He often laments that decisions he made fifteen years ago are still affecting him today.
In addition, Noah feels that an experience investing with a large bank may have contributed to his financial troubles. In 2007, in an effort to earn money to help pay off his debt, Noah talked to a customer service representative at a large investment company who urged him to purchase stocks. Without understanding the risks, Noah agreed. Unfortunately, Noah lost a great deal of money.
After losing the money, Noah was a customer of another financial institution that suffered a large security breach. Noah was one of millions of customers whose personal information was compromised. He wonders if he may have been a victim of identity theft and whether this may have negatively affected his credit.
Noah hopes that he will soon be able to put these challenges behind him, build excellent credit, and find the perfect job.
Based on the scenario, which legislation should ease Noah's worry about his credit report as a result of applying at Arnie's Emporium?

  • A. The Privacy Rule under the Gramm-Leach-Bliley Act (GLBA).
  • B. The Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA).
  • C. The Disposal Rule under the Fair and Accurate Credit Transactions Act (FACTA).
  • D. The Red Flags Rule under the Fair and Accurate Credit Transactions Act (FACTA).

Answer: B


NEW QUESTION # 87
Smith Memorial Healthcare (SMH) is a hospital network headquartered in New York and operating in 7 other states. SMH uses an electronic medical record to enter and track information about its patients. Recently, SMH suffered a data breach where a third-party hacker was able to gain access to the SMH internal network.
Because it is a HIPPA-covered entity, SMH made a notification to the Office of Civil Rights at the U.S. Department of Health and Human Services about the breach.
Which statement accurately describes SMH's notification responsibilities?

  • A. If SMH is compliant with HIPAA, it will not have to make a separate notification to individuals in the state of New York.
  • B. If SMH has more than 500 patients in the state of New York, it will need to make separate notifications to these patients.
  • C. If SMH must make a notification in any other state in which it operates, it must also make a notification to individuals in New York.
  • D. If SMH makes credit monitoring available to individuals who inquire, it will not have to make a separate

Answer: C

Explanation:
notification to individuals in the state of New York.


NEW QUESTION # 88
According to FERPA, when can a school disclose records without a student's consent?

  • A. If the disclosure is to practitioners who are involved in a student's health care
  • B. If the disclosure is to provide transcripts to a school where a student intends to enroll
  • C. If the disclosure is not to be conducted through email to the third party
  • D. If the disclosure would not reveal a student's student identification number

Answer: B


NEW QUESTION # 89
Which of these organizations would be required to provide its customers with an annual privacy notice?

  • A. The Breezy City Housing Commission.
  • B. The Four Winds Tribal College.
  • C. The King County Savings and Loan.
  • D. The Golden Gavel Auction House.

Answer: D


NEW QUESTION # 90
SCENARIO
Please use the following to answer the next QUESTION
Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy program. Filtration Station is a U.S. company that sells filters and tubing products to pharmaceutical companies for research use. The company is based in Seattle, Washington, with offices throughout the U.S. and Asi a. It sells to business customers across both the U.S. and the Asia-Pacific region. Filtration Station participates in the Cross-Border Privacy Rules system of the APEC Privacy Framework.
Unfortunately, Filtration Station suffered a data breach in the previous quarter. An unknown third party was able to gain access to Filtration Station's network and was able to steal data relating to employees in the company's Human Resources database, which is hosted by a third-party cloud provider based in the U.S. The HR data is encrypted. Filtration Station also uses the third-party cloud provider to host its business marketing contact database. The marketing database was not affected by the data breach. It appears that the data breach was caused when a system administrator at the cloud provider stored the encryption keys with the data itself.
The Board has asked Otto to provide information about the data breach and how updates on new developments in privacy laws and regulations apply to Filtration Station. They are particularly concerned about staying up to date on the various U.S. state laws and regulations that have been in the news, especially the California Consumer Privacy Act (CCPA) and breach notification requirements.
The Board has asked Otto whether the company will need to comply with the new California Consumer Privacy Law (CCPA). What should Otto tell the Board?

  • A. That the company is governed by CCPA, but does not need to take any additional steps because it follows CPBR.
  • B. That CCPA only applies to companies based in California, which exempts the company from compliance.
  • C. That business contact information could be considered personal information governed by CCPA.
  • D. That CCPA will apply to the company only after the California Attorney General determines that it will enforce the statute.

Answer: C

Explanation:
CCPA applies regardless of enforcement. Under the CPRA, which amended the CCPA, business contact information is PII.


NEW QUESTION # 91
Which venture would be subject to the requirements of Section 5 of the Federal Trade Commission Act?

  • A. An online merchant's free shipping offer
  • B. A local nonprofit charity's fundraiser
  • C. A city bus system's frequent rider program
  • D. A national bank's no-fee checking promotion

Answer: A


NEW QUESTION # 92
The Family Educational Rights and Privacy Act (FERPA) requires schools to do all of the following EXCEPT?

  • A. Verify the identity of students who make requests for access to their records.
  • B. Respond to all reasonable student requests regarding explanation of their records.
  • C. Provide students with access to their records within a specified amount of time.
  • D. Obtain student authorization before releasing directory information in their records.

Answer: C


NEW QUESTION # 93
In March 2012, the FTC released a privacy report that outlined three core principles for companies handling consumer dat a. Which was NOT one of these principles?

  • A. Enhancing security measures.
  • B. Practicing Privacy by Design.
  • C. Simplifying consumer choice.
  • D. Providing greater transparency.

Answer: A


NEW QUESTION # 94
Which entities must comply with the Telemarketing Sales Rule?

  • A. For-profit and not-for-profit organizations when selling additional services to establish customers
  • B. For-profit organizations calling businesses when a binding contract exists between them
  • C. For-profit organizations and for-profit telefunders regarding charitable solicitations
  • D. Nonprofit organizations calling on their own behalf

Answer: A


NEW QUESTION # 95
SCENARIO
Please use the following to answer the next QUESTION
When there was a data breach involving customer personal and financial information at a large retail store, the company's directors were shocked. However, Roberta, a privacy analyst at the company and a victim of identity theft herself, was not. Prior to the breach, she had been working on a privacy program report for the executives. How the company shared and handled data across its organization was a major concern. There were neither adequate rules about access to customer information nor procedures for purging and destroying outdated dat a. In her research, Roberta had discovered that even low- level employees had access to all of the company's customer data, including financial records, and that the company still had in its possession obsolete customer data going back to the 1980s.
Her report recommended three main reforms. First, permit access on an as-needs-to-know basis. This would mean restricting employees' access to customer information to data that was relevant to the work performed. Second, create a highly secure database for storing customers' financial information (e.g., credit card and bank account numbers) separate from less sensitive information. Third, identify outdated customer information and then develop a process for securely disposing of it.
When the breach occurred, the company's executives called Roberta to a meeting where she presented the recommendations in her report. She explained that the company having a national customer base meant it would have to ensure that it complied with all relevant state breach notification laws. Thanks to Roberta's guidance, the company was able to notify customers quickly and within the specific timeframes set by state breach notification laws.
Soon after, the executives approved the changes to the privacy program that Roberta recommended in her report. The privacy program is far more effective now because of these changes and, also, because privacy and security are now considered the responsibility of every employee.
What could the company have done differently prior to the breach to reduce their risk?

  • A. Implemented a comprehensive policy for accessing customer information.
  • B. Communicated requests for changes to users' preferences across the organization and with third parties.
  • C. Honored the promise of its privacy policy to acquire information by using an opt-in method.
  • D. Looked for any persistent threats to security that could compromise the company's network.

Answer: A


NEW QUESTION # 96
Which federal law or regulation preempts state law?

  • A. Controlling the Assault of Non-Solicited Pornography and Marketing Act
  • B. Electronic Communications Privacy Act of 1986
  • C. Telemarketing Sales Rule
  • D. Health Insurance Portability and Accountability Act

Answer: A


NEW QUESTION # 97
SCENARIO
Please use the following to answer the next QUESTION :
Declan has just started a job as a nursing assistant in a radiology department at Woodland Hospital. He has also started a program to become a registered nurse.
Before taking this career path, Declan was vaguely familiar with the Health Insurance Portability and Accountability Act (HIPAA). He now knows that he must help ensure the security of his patients' Protected Health Information (PHI). Therefore, he is thinking carefully about privacy issues.
On the morning of his first day, Declan noticed that the newly hired receptionist handed each patient a HIPAA privacy notice. He wondered if it was necessary to give these privacy notices to returning patients, and if the radiology department could reduce paper waste through a system of one-time distribution.
He was also curious about the hospital's use of a billing company. He Questioned whether the hospital was doing all it could to protect the privacy of its patients if the billing company had details about patients' care.
On his first day Declan became familiar with all areas of the hospital's large radiology department. As he was organizing equipment left in the halfway, he overheard a conversation between two hospital administrators. He was surprised to hear that a portable hard drive containing non-encrypted patient information was missing. The administrators expressed relief that the hospital would be able to avoid liability. Declan was surprised, and wondered whether the hospital had plans to properly report what had happened.
Despite Declan's concern about this issue, he was amazed by the hospital's effort to integrate Electronic Health Records (EHRs) into the everyday care of patients. He thought about the potential for streamlining care even more if they were accessible to all medical facilities nationwide.
Declan had many positive interactions with patients. At the end of his first day, he spoke to one patient, John, whose father had just been diagnosed with a degenerative muscular disease. John was about to get blood work done, and he feared that the blood work could reveal a genetic predisposition to the disease that could affect his ability to obtain insurance coverage. Declan told John that he did not think that was possible, but the patient was wheeled away before he could explain why. John plans to ask a colleague about this.
In one month, Declan has a paper due for one his classes on a health topic of his choice. By then, he will have had many interactions with patients he can use as examples. He will be pleased to give credit to John by name for inspiring him to think more carefully about genetic testing.
Although Declan's day ended with many QUESTIONS, he was pleased about his new position.
How can the radiology department address Declan's concern about paper waste and still comply with the Health Insurance Portability and Accountability Act (HIPAA)?

  • A. State the privacy policy to the patient verbally
  • B. Direct patients to the correct area of the hospital website
  • C. Post the privacy notice in a prominent location instead
  • D. Confirm that patients are given the privacy notice on their first visit

Answer: B

Explanation:
It is important for test takers to not add additional information to the prompt by assuming information. By choosing D, you are assuming that Declan will stay long enough in the position that he will personally see to it that every first time patient receives a privacy notice. By choosing C, you are answering the exact question by addressing the paper waste concern and complying with HIPAA which allows covered entities to post privacy notices on websites. Model Notices of Privacy Practices on the HHS website outlines two requirements: A covered entity must make its notice available to any person who asks for it (satisfies pointing the person in the direction of the covered entity website); A covered entity must prominently post and make available its notice on any web site it maintains that provides information about its customer services or benefits (satisfies pointing the person to the covered entity website to view privacy notice).


NEW QUESTION # 98
The FTC often negotiates consent decrees with companies found to be in violation of privacy principles. How does this benefit both parties involved?

  • A. It simplifies the audit requirements.
  • B. It standardizes the amount of fines.
  • C. It avoids potentially harmful publicity.
  • D. It spares the expense of going to trial.

Answer: C


NEW QUESTION # 99
SCENARIO
Please use the following to answer the next question:
Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop.
"Doing your network?" Matt asked hopefully.
"No," the boy said. "I'm filling out a survey."
Matt looked over his son's shoulder at his computer screen. "What kind of survey?"
"It's asking questions about my opinions."
"Let me see," Matt said, and began reading the list of questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten." Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.
To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his name, address, telephone number, and date of birth, and to answer questions about his favorite games and toys.
Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and he decided it was time to report the incident to the proper authorities.
Based on the incident, the FTC's enforcement actions against the marketer would most likely include what violation?

  • A. Failing to notify of a breach of children's private information.
  • B. Intruding upon the privacy of a family with young children.
  • C. Disregarding the privacy policy of the children's marketing industry.
  • D. Collecting information from a child under the age of thirteen.

Answer: C

Explanation:
Explanation/Reference: https://www.ftc.gov/system/files/2012-31341.pdf


NEW QUESTION # 100
Which federal act does NOT contain provisions for preempting stricter state laws?

  • A. The Children's Online Privacy Protection Act (COPPA)
  • B. The CAN-SPAM Act
  • C. The Fair and Accurate Credit Transactions Act (FACTA)
  • D. The Telemarketing Consumer Protection and Fraud Prevention Act

Answer: D

Explanation:
Explanation


NEW QUESTION # 101
SCENARIO
Please use the following to answer the next QUESTION:
Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state's Do Not Call list, as well as the people on it. "If they were really serious about not being bothered," Evan said, "They'd be on the national DNC list. That's the only one we're required to follow. At SunriseLynx, we call until they ask us not to." Bizarrely, Evan requires telemarketers to keep records of recipients who ask them to call "another time." This, to Larry, is a clear indication that they don't want to be called at all. Evan doesn't see it that way.
Larry believes that Evan's arrogance also affects the way he treats employees. The U.S. Constitution protects American workers, and Larry believes that the rights of those at SunriseLynx are violated regularly. At first Evan seemed friendly, even connecting with employees on social medi a. However, following Evan's political posts, it became clear to Larry that employees with similar affiliations were the only ones offered promotions.
Further, Larry occasionally has packages containing personal-use items mailed to work. Several times, these have come to him already opened, even though this name was clearly marked. Larry thinks the opening of personal mail is common at SunriseLynx, and that Fourth Amendment rights are being trampled under Evan's leadership.
Larry has also been dismayed to overhear discussions about his coworker, Sadie. Telemarketing calls are regularly recorded for quality assurance, and although Sadie is always professional during business, her personal conversations sometimes contain sexual comments. This too is something Larry has heard Evan laughing about. When he mentioned this to a coworker, his concern was met with a shrug. It was the coworker's belief that employees agreed to be monitored when they signed on. Although personal devices are left alone, phone calls, emails and browsing histories are all subject to surveillance. In fact, Larry knows of one case in which an employee was fired after an undercover investigation by an outside firm turned up evidence of misconduct. Although the employee may have stolen from the company, Evan could have simply contacted the authorities when he first suspected something amiss.
Larry wants to take action, but is uncertain how to proceed.
Based on the way he uses social media, Evan is susceptible to a lawsuit based on?

  • A. Discrimination
  • B. Intrusion upon seclusion
  • C. Defamation
  • D. Publicity given to private life

Answer: A


NEW QUESTION # 102
What is the main challenge financial institutions face when managing user preferences?

  • A. Developing a mechanism for opting out that is easy for their consumers to navigate
  • B. Determining the legal requirements for sharing preferences with their affiliates
  • C. Ensuring that preferences are applied consistently across channels and platforms
  • D. Ensuring they are in compliance with numerous complex state and federal privacy laws

Answer: C


NEW QUESTION # 103
......

Exam Valid Dumps with Instant Download Free Updates: https://www.lead2passed.com/IAPP/CIPP-US-practice-exam-dumps.html

Fast Exam Updates CIPP-US dumps with PDF Test Engine Practice: https://drive.google.com/open?id=19FQMrcrR3RFu-J_p_-SYSiVPtx3U4z5y

Related Articles

more
IAPP CIPP-US Certification Practice Exam