Free IAPP CIPP-US Exam Questions

Become IAPP Certified with updated CIPP-US exam questions and correct answers

Page: 1 / 41

Total 201 Questions | Updated On: Apr 21, 2026

Add To Cart

Question 1

All of the following organizations are specified as covered entities under the Health Insurance Portability and Accountability Act (HIPAA) EXCEPT?

A : althcare information clearinghouses

B : armaceutical companies

C : althcare providers

D : alth plans

Answer: B

Question 2

A company based in United States receives information about its UK subsidiary’s employees in connection with

the centralized HR service it provides.

How can the UK company ensure an adequate level of data protection that would allow the restricted data

transfer to continue?

A : signing up to an approved code of conduct under UK GDPR to demonstrate compliance with its requirements, both for the parent and the subsidiary companies

B : revising the contract with the United States parent company incorporating EU SCCs, as it continues to be valid for restricted transfers under the UK regime

C : By submitting to the ICO a new application for the UK BCRs using the UK BCR application forms, as their existing authorized EU BCRs are not recognized.

D : allowing each employee the option to opt-out to the restricted transfer, as it is necessary to send their names in order to book the sales bonuses.

Answer: B

Question 3

Which of the following would NOT be considered a method of obtaining verifiable parental consent before collecting, using or disclosing personal information from children under the Children’s Online Privacy Protection Act (COPPA) of 1998?

A : ing a credit card, debit card, or other online payment system

B : ving the parent call a toll-free telephone number staffed by trained personnel.

C : Having the parent sign a consent form and return it to the operator by postal mail, facsimile, or electronic scan.

D : nding a text message to the parent explaining the intended uses of the information.

Answer: D

Question 4

What is the main purpose of the Global Privacy Enforcement Network (GPEN)?

A : promote universal cooperation among privacy authorities

B : investigate allegations of privacy violations internationally

C : protect the interests of privacy consumer groups worldwide

D : arbitrate disputes between countries over jurisdiction for privacy laws

Answer: A

Question 5

Which of the following describes the most likely risk for a company developing a privacy policy with standards that are much higher than its competitors?

A : ing more closely scrutinized for any breaches of policy

B : tting accused of discriminatory practices

C : tracting skepticism from auditors

D : ving a security system failure

Answer: A

Page: 1 / 41

Total 201 Questions | Updated On: Apr 21, 2026

Add To Cart