Free IAPP CIPP-US Exam Questions

Question 1

Which of the following would NOT be considered a method of obtaining verifiable parental consent before collecting, using or disclosing personal information from children under the Children’s Online Privacy Protection Act (COPPA) of 1998?

A : ing a credit card, debit card, or other online payment system

B : ving the parent call a toll-free telephone number staffed by trained personnel.

C : Having the parent sign a consent form and return it to the operator by postal mail, facsimile, or electronic scan.

D : nding a text message to the parent explaining the intended uses of the information.

Answer: D

Question 2

SCENARIO

Please use the following to answer the next question:

Felicia has spent much of her adult life overseas, and has just recently returned to the U.S. to help her friend

Celeste open a jewelry store in California. Felicia, despite being excited at the prospect, has a number of

security concerns, and has only grudgingly accepted the need to hire other employees. In order to guard

against the loss of valuable merchandise, Felicia wants to carefully screen applicants. With their permission,

Felicia would like to run credit checks, administer polygraph tests, and scrutinize videos of interviews. She

intends to read applicants’ postings on social media, ask questions about drug addiction, and solicit character

references. Felicia believes that if potential employees are serious about becoming part of a dynamic new

business, they will readily agree to these requirements.

Felicia is also in favor of strict employee oversight. In addition to protecting the inventory, she wants to prevent

mistakes during transactions, which will require video monitoring. She also wants to regularly check the

company vehicle’s GPS for locations visited by employees. She also believes that employees who use their

own devices for work-related purposes should agree to a certain amount of supervision.

Given her high standards, Felicia is skeptical about the proposed location of the store. She has been told that

many types of background checks are not allowed under California law. Her friend Celeste thinks these worries

are unfounded, as long as applicants verbally agree to the checks and are offered access to the results. Nor

does Celeste share Felicia’s concern about state breach notification laws, which, she claims, would be costly to

implement even on a minor scale. Celeste believes that

even if the business grows a customer database of a few thousand, it’s unlikely that a state agency would

hassle an honest business if an accidental security incident were to occur.

In any case, Celeste feels that all they need is common sense – like remembering to tear up sensitive

documents before throwing them in the recycling bin. Felicia hopes that she’s right, and that all of her concerns

will be put to rest next month when their new business consultant (who is also a privacy professional) arrives

from North Carolina.

Regarding credit checks of potential employees, Celeste has a misconception regarding what?

A : nsent requirements

B : closure requirements.

C : ployment-at-will rules

D : cords retention policies

Answer: A

Question 3

What consumer protection did the Fair and Accurate Credit Transactions Act (FACTA) require?

A : ability for the consumer to correct inaccurate credit report information

B : truncation of account numbers on credit card receipts

C : right to request removal from e-mail lists

D : nsumer notice when third-party data is used to make an adverse decision

Answer: A

Question 4

SCENARIO

Please use the following to answer the next question:

Matt went into his son’s bedroom one evening and found him stretched out on his bed typing on his laptop.

“Doing your homework?” Matt asked hopefully.

“No,” the boy said. “I’m filling out a survey.”

Matt looked over his son’s shoulder at his computer screen. “What kind of survey?”

“It’s asking questions about my opinions.”

“Let me see,” Matt said, and began reading the list of questions that his son had already answered. “It’s asking

your opinions about the government and citizenship. That’s a little odd. You’re only ten.”

Matt wondered how the web link to the survey had ended up in his son’s email inbox. Thinking the message

might have been sent to his son by mistake he opened it and read it. It had come from an entity called the

Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read

further he learned that kids who took the survey were automatically registered in a contest to win the first book

in a series about famous leaders.

To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if

he had been prompted to give information about himself in order to take the survey. His son told him he had

been asked to give his name, address, telephone number, and date of birth, and to answer questions about his

favorite games and toys.

Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way

that it was. Then he noticed several other commercial emails from marketers advertising products for children

in his son’s inbox, and he decided it was time to report the incident to the proper authorities.

Based on the incident, the FTC’s enforcement actions against the marketer would most likely include what

violation?

A : Intruding upon the privacy of a family with young children

B : llecting information from a child under the age of thirteen

C : iling to notify of a breach of children’s private information.

D : regarding the privacy policy of the children’s marketing industry.

Answer: D

Question 5

The Cable Communications Policy Act of 1984 requires which activity?

A : livery of an annual notice detailing how subscriber information is to be used

B : Destruction of personal information a maximum of six months after it is no longer needed

C : tice to subscribers of any investigation involving unauthorized reception of cable services

D : taining subscriber consent for disseminating any personal information necessary to render cable services

Answer: C