Free IAPP CIPP-US Exam Questions

Become IAPP Certified with updated CIPP-US exam questions and correct answers

Page: 1 / 41

Total 201 Questions | Updated On: Jan 12, 2026

Add To Cart

Question 1

A company based in United States receives information about its UK subsidiary’s employees in connection with

the centralized HR service it provides.

How can the UK company ensure an adequate level of data protection that would allow the restricted data

transfer to continue?

A : signing up to an approved code of conduct under UK GDPR to demonstrate compliance with its requirements, both for the parent and the subsidiary companies

B : revising the contract with the United States parent company incorporating EU SCCs, as it continues to be valid for restricted transfers under the UK regime

C : By submitting to the ICO a new application for the UK BCRs using the UK BCR application forms, as their existing authorized EU BCRs are not recognized.

D : allowing each employee the option to opt-out to the restricted transfer, as it is necessary to send their names in order to book the sales bonuses.

Answer: B

Question 2

Which statement is FALSE regarding the provisions of the Employee Polygraph Protection Act of 1988 (EPPA)?

A : EPPA requires that employers post essential information about the Act in a conspicuous location

B : EPPA includes an exception that allows polygraph tests in professions in which employee honesty is necessary for public safety.

C : ployers are prohibited from administering psychological testing based on personality traits such as honesty, preferences or habits.

D : ployers involved in the manufacture of controlled substances may terminate employees based on polygraph results if other evidence exists

Answer: C

Question 3

Edward Snowden’s revelations regarding government programs collecting massive amounts of information about U.S. citizens and noncitizens led to the passage of which law?

A : bersecurity Information Sharing Act of 2015

B : reign Intelligence Surveillance Act

C : USA FREEDOM Act

D : OUD Act

Answer: C

Question 4

Under the Fair Credit Reporting Act (FCRA), what must a person who is denied employment based upon his credit history receive?

A : prompt notification from the employer

B : opportunity to reapply with the employer.

C : formation from several consumer reporting agencies (CRAs).

D : A list of rights from the Consumer Financial Protection Bureau (CFPB).

Answer: A

Question 5

Which of the following is most likely to provide privacy protection to private-sector employees in the United States?

A : ate law, contract law, and tort law

B : Federal Trade Commission Act (FTC Act)

C : endments one, four, and five of the U.S. Constitution

D : U.S. Department of Health and Human Services (HHS)

Answer: A

Page: 1 / 41

Total 201 Questions | Updated On: Jan 12, 2026

Add To Cart