Free IAPP CIPP-US Exam Questions

Become IAPP Certified with updated CIPP-US exam questions and correct answers

Page: 1 / 41

Total 201 Questions | Updated On: Apr 21, 2026

Add To Cart

Question 1

Mega Corp. is a U.S.-based business with employees in California, Virginia, and Colorado. Which of the following must Mega Corp. comply with in regard to its human resources data?

A : lifornia Privacy Rights Act.

B : lifornia Privacy Rights Act and Virginia Consumer Data Protection Act.

C : lifornia Privacy Rights Act and Colorado Privacy Act.

D : lifornia Privacy Rights Act, Virginia Consumer Data Protection Act, and Colorado Privacy Act.

Answer: D

Question 2

Which statement is FALSE regarding the provisions of the Employee Polygraph Protection Act of 1988 (EPPA)?

A : EPPA requires that employers post essential information about the Act in a conspicuous location

B : EPPA includes an exception that allows polygraph tests in professions in which employee honesty is necessary for public safety.

C : ployers are prohibited from administering psychological testing based on personality traits such as honesty, preferences or habits.

D : ployers involved in the manufacture of controlled substances may terminate employees based on polygraph results if other evidence exists

Answer: C

Question 3

Which of the following is most likely to provide privacy protection to private-sector employees in the United States?

A : ate law, contract law, and tort law

B : Federal Trade Commission Act (FTC Act)

C : endments one, four, and five of the U.S. Constitution

D : U.S. Department of Health and Human Services (HHS)

Answer: A

Question 4

What is the main purpose of the Global Privacy Enforcement Network (GPEN)?

A : promote universal cooperation among privacy authorities

B : investigate allegations of privacy violations internationally

C : protect the interests of privacy consumer groups worldwide

D : arbitrate disputes between countries over jurisdiction for privacy laws

Answer: A

Question 5

Which of the following would NOT be considered a method of obtaining verifiable parental consent before collecting, using or disclosing personal information from children under the Children’s Online Privacy Protection Act (COPPA) of 1998?

A : ing a credit card, debit card, or other online payment system

B : ving the parent call a toll-free telephone number staffed by trained personnel.

C : Having the parent sign a consent form and return it to the operator by postal mail, facsimile, or electronic scan.

D : nding a text message to the parent explaining the intended uses of the information.

Answer: D

Page: 1 / 41

Total 201 Questions | Updated On: Apr 21, 2026

Add To Cart