Free IAPP CIPP-US Exam Questions

Question 1

An organization self-certified under Privacy Shield must, upon request by an individual, do what?

A : pend the use of all personal information collected by the organization to fulfill its original purpose

B : ovide the identities of third parties with whom the organization shares personal information.

C : ovide the identities of third and fourth parties that may potentially receive personal information

D : Identify all personal information disclosed during a criminal investigation

Answer: B

Question 2

What is the main purpose of the Global Privacy Enforcement Network (GPEN)?

A : promote universal cooperation among privacy authorities

B : investigate allegations of privacy violations internationally

C : protect the interests of privacy consumer groups worldwide

D : arbitrate disputes between countries over jurisdiction for privacy laws

Answer: A

Question 3

SCENARIO

Please use the following to answer the next question:

Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with

his supervisor, Evan. Just last week, he overheard Evan mocking the state’s Do Not Call list, as well as the

people on it. “If they were really serious about not being bothered,” Evan said, “They’d be on the national DNC

list. That’s the only one we’re required to follow. At SunriseLynx, we call until they ask us not to.”

Bizarrely, Evan requires telemarketers to keep records of recipients who ask them to call “another time.” This,

to Larry, is a clear indication that they don’t want to be called at all. Evan doesn’t see it that way.

Larry believes that Evan’s arrogance also affects the way he treats employees. The U.S. Constitution protects

American workers, and Larry believes that the rights of those at SunriseLynx are violated regularly. At first Evan

seemed friendly, even connecting with employees on social media. However, following Evan’s political posts, it

became clear to Larry that employees with similar affiliations were the only ones offered promotions.

Further, Larry occasionally has packages containing personal-use items mailed to work. Several times, these

have come to him already opened, even though this name was clearly marked. Larry thinks the opening of

personal mail is common at SunriseLynx, and that Fourth Amendment rights are being trampled under Evan’s

leadership.

Larry has also been dismayed to overhear discussions about his coworker, Sadie. Telemarketing calls are

regularly recorded for quality assurance, and although Sadie is always professional during business, her

personal conversations sometimes contain sexual comments. This too is something Larry has heard Evan

laughing about. When he mentioned this to a coworker, his concern was met with a shrug. It was the

coworker’s belief that employees agreed to be monitored when they signed on. Although personal devices are

left alone, phone calls, emails and browsing histories are all subject to surveillance. In fact, Larry knows of one

case in which an employee was fired after an undercover investigation by an outside firm turned up evidence of

misconduct. Although the employee may have stolen from the company, Evan could have simply contacted the

authorities when he first suspected something amiss.

Larry wants to take action, but is uncertain how to proceed.

In regard to telemarketing practices, Evan the supervisor has a misconception regarding?

A : conditions under which recipients can opt out

B : wishes of recipients who request callbacks

C : right to monitor calls for quality assurance

D : relationship of state law to federal law

Answer: B

Question 4

SCENARIO

Please use the following to answer the next question:

Jane is a U.S. citizen and a senior software engineer at California-based Jones Labs, a major software supplier

to the U.S. Department of Defense and other U.S. federal agencies. Jane's manager, Patrick, is a French

citizen who has been living in California for over a decade. Patrick has recently begun to suspect that Jane is

an insider secretly transmitting trade secrets to foreign intelligence. Unbeknownst to Patrick, the FBI has

already received a hint from anonymous whistleblower, and jointly with the National Security Agency is

investigating Jane's possible implication in a sophisticated foreign espionage campaign.

Ever since the pandemic, Jane has been working from home. To complete her daily tasks she uses her

corporate laptop, which after each login conspicuously provides notice that the equipment belongs to Jones

Labs and may be monitored according to the enacted privacy policy and employment handbook. Jane also has

a corporate mobile phone that she uses strictly for business, the terms of which are defined in her employment

contract and elaborated upon in her employee handbook. Both the privacy policy and the employee handbook

are revised annually by a reputable California law firm specializing in privacy law. Jane also has a personal

iPhone that she uses for private purposes only.

Jones Labs has its primary data center in San Francisco, which is managed internally by Jones Labs engineers.

The secondary data center, managed by Amazon AWS, is physically located in the UK for disaster recovery

purposes. Jones Labs' mobile devices backup is managed by a mid-sized mobile defense company located in

Denver, which physically stores the data in Canada to reduce costs. Jones Labs MS Office documents are

securely stored in a Microsoft Office 365 data center based in Ireland. Manufacturing data of Jones Labs is

stored in Taiwan and managed by a local supplier that has no presence in the U.S.

When storing Jane's fingerprint for remote authentication. Jones Labs should consider legality issues under

which of the following?

A : Privacy Rule of the HITECH Act.

B : California IoT Security Law (SB 327).

C : applicable state law such as Illinois BIPA.

D : federal Genetic Information Nondiscrimination Act (GINA).

Answer: C

Question 5

All of the following organizations are specified as covered entities under the Health Insurance Portability and Accountability Act (HIPAA) EXCEPT?

A : althcare information clearinghouses

B : armaceutical companies

C : althcare providers

D : alth plans

Answer: B