Free IAPP CIPP-US Exam Questions

Question 1

The Cable Communications Policy Act of 1984 requires which activity?

A : livery of an annual notice detailing how subscriber information is to be used

B : Destruction of personal information a maximum of six months after it is no longer needed

C : tice to subscribers of any investigation involving unauthorized reception of cable services

D : taining subscriber consent for disseminating any personal information necessary to render cable services

Answer: C

Question 2

A company based in United States receives information about its UK subsidiary’s employees in connection with

the centralized HR service it provides.

How can the UK company ensure an adequate level of data protection that would allow the restricted data

transfer to continue?

A : signing up to an approved code of conduct under UK GDPR to demonstrate compliance with its requirements, both for the parent and the subsidiary companies

B : revising the contract with the United States parent company incorporating EU SCCs, as it continues to be valid for restricted transfers under the UK regime

C : By submitting to the ICO a new application for the UK BCRs using the UK BCR application forms, as their existing authorized EU BCRs are not recognized.

D : allowing each employee the option to opt-out to the restricted transfer, as it is necessary to send their names in order to book the sales bonuses.

Answer: B

Question 3

When does the Telemarketing Sales Rule require an entity to share a do-not-call request across its organization?

A : en the operational structures of its divisions are not transparent

B : en the goods and services sold by its divisions are very similar

C : en a call is not the result of an error or other unforeseen cause

D : en the entity manages user preferences through multiple platforms

Answer: C

Question 4

Which of the following is NOT a principle found in the APEC Privacy Framework?

A : tegrity of Personal Information.

B : cess and Correction.

C : eventing Harm

D : ivacy by Design.

Answer: D

Question 5

SCENARIO

Please use the following to answer the next question:

Felicia has spent much of her adult life overseas, and has just recently returned to the U.S. to help her friend

Celeste open a jewelry store in California. Felicia, despite being excited at the prospect, has a number of

security concerns, and has only grudgingly accepted the need to hire other employees. In order to guard

against the loss of valuable merchandise, Felicia wants to carefully screen applicants. With their permission,

Felicia would like to run credit checks, administer polygraph tests, and scrutinize videos of interviews. She

intends to read applicants’ postings on social media, ask questions about drug addiction, and solicit character

references. Felicia believes that if potential employees are serious about becoming part of a dynamic new

business, they will readily agree to these requirements.

Felicia is also in favor of strict employee oversight. In addition to protecting the inventory, she wants to prevent

mistakes during transactions, which will require video monitoring. She also wants to regularly check the

company vehicle’s GPS for locations visited by employees. She also believes that employees who use their

own devices for work-related purposes should agree to a certain amount of supervision.

Given her high standards, Felicia is skeptical about the proposed location of the store. She has been told that

many types of background checks are not allowed under California law. Her friend Celeste thinks these worries

are unfounded, as long as applicants verbally agree to the checks and are offered access to the results. Nor

does Celeste share Felicia’s concern about state breach notification laws, which, she claims, would be costly to

implement even on a minor scale. Celeste believes that

even if the business grows a customer database of a few thousand, it’s unlikely that a state agency would

hassle an honest business if an accidental security incident were to occur.

In any case, Celeste feels that all they need is common sense – like remembering to tear up sensitive

documents before throwing them in the recycling bin. Felicia hopes that she’s right, and that all of her concerns

will be put to rest next month when their new business consultant (who is also a privacy professional) arrives

from North Carolina.

Regarding credit checks of potential employees, Celeste has a misconception regarding what?

A : nsent requirements

B : closure requirements.

C : ployment-at-will rules

D : cords retention policies

Answer: A