
(2021) CIPP-US Dumps and Practice Test (152 Questions)
Guide (New 2021) Actual IAPP CIPP-US Exam Questions
NEW QUESTION 60
Most states with data breach notification laws indicate that notice to affected individuals must be sent in the
"most expeditious time possible without unreasonable delay." By contrast, which of the following states currently imposes a definite limit for notification to affected individuals?
- A. Maine
- B. New York
- C. Florida
- D. California
Answer: C
Explanation:
Explanation/Reference: https://www.itgovernanceusa.com/data-breach-notification-laws
NEW QUESTION 61
Which of the following would NOT constitute an exception to the authorization requirement under the HIPAA Privacy Rule?
- A. Disclosing health information needed to treat a medical emergency.
- B. Disclosing health information needed to pay a third party billing administrator.
- C. Disclosing health information to file a child abuse report.
- D. Disclosing health information for public health activities.
Answer: A
NEW QUESTION 62
Within what time period must a commercial message sender remove a recipient's address once they have asked to stop receiving future e-mail?
- A. 15 days
- B. 21 days
- C. 10 days
- D. 7 days
Answer: C
NEW QUESTION 63
A covered entity suffers a ransomware attack that affects the personal health information (PHI) of more than 500 individuals. According to Federal law under HIPAA, which of the following would the covered entity NOT have to report the breach to?
- A. Medical providers
- B. Department of Health and Human Services
- C. The local media
- D. The affected individuals
Answer: A
NEW QUESTION 64
Read this notice:
Our website uses cookies. Cookies allow us to identify the computer or device you're using to access the site, but they don't identify you personally. For instructions on setting your Web browser to refuse cookies, click here.
What type of legal choice does this notice provide?
- A. Implied consent
- B. Opt-out
- C. Mandatory
- D. Opt-in
Answer: A
NEW QUESTION 65
SCENARIO
Please use the following to answer the next QUESTION:
A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer's data handling practices.
The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her withdrawal of consent and request for erasure of her personal data. Your organization, the US-based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: "Please act immediately by identifying all personal data received from our company." This is an important partnership. Company executives know that its biggest fans come from Western Europe, and this retailer is primarily responsible for the startup's rapid market penetration.
As the Company's data privacy leader, you are sensitive to the criticality of the relationship with the retailer.
Upon review, the data privacy leader discovers that the Company's documented data inventory is obsolete. What is the data privacy leader's next best source of information to aid the investigation?
- A. Interviews with key marketing personnel
- B. Lists of all customers, sorted by country
- C. Reports on recent purchase histories
- D. Database schemas held by the retailer
Answer: B
NEW QUESTION 66
SCENARIO
Please use the following to answer the next QUESTION
Felicia has spent much of her adult life overseas, and has just recently returned to the U.S. to help her friend Celeste open a jewelry store in California. Felicia, despite being excited at the prospect, has a number of security concerns, and has only grudgingly accepted the need to hire other employees. In order to guard against the loss of valuable merchandise, Felicia wants to carefully screen applicants. With their permission, Felicia would like to run credit checks, administer polygraph tests, and scrutinize videos of interviews. She intends to read applicants' postings on social media, ask questions about drug addiction, and solicit character references. Felicia believes that if potential employees are serious about becoming part of a dynamic new business, they will readily agree to these requirements.
Felicia is also in favor of strict employee oversight. In addition to protecting the inventory, she wants to prevent mistakes during transactions, which will require video monitoring. She also wants to regularly check the company vehicle's GPS for locations visited by employees. She also believes that employees who use their own devices for work-related purposes should agree to a certain amount of supervision.
Given her high standards, Felicia is skeptical about the proposed location of the store. She has been told that many types of background checks are not allowed under California law. Her friend Celeste thinks these worries are unfounded, as long as applicants verbally agree to the checks and are offered access to the results. Nor does Celeste share Felicia's concern about state breach notification laws, which, she claims, would be costly to implement even on a minor scale. Celeste believes that even if the business grows a customer database of a few thousand, it's unlikely that a state agency would hassle an honest business if an accidental security incident were to occur.
In any case, Celeste feels that all they need is common sense - like remembering to tear up sensitive documents before throwing them in the recycling bin. Felicia hopes that she's right, and that all of her concerns will be put to rest next month when their new business consultant (who is also a privacy professional) arrives from North Carolina.
Based on Felicia's Bring Your Own Device (BYOD) plan, the business consultant will most likely advise Felicia and Celeste to do what?
- A. Make employment decisions based on those willing to consent to the plan in writing.
- B. Reconsider the plan in favor of a policy of dedicated work devices.
- C. Weigh any productivity benefits of the plan against the risk of privacy issues.
- D. Adopt the same kind of monitoring policies used for work-issued devices.
Answer: A
NEW QUESTION 67
Which entities must comply with the Telemarketing Sales Rule?
- A. For-profit organizations calling businesses when a binding contract exists between them
- B. For-profit and not-for-profit organizations when selling additional services to established customers
- C. Nonprofit organizations calling on their own behalf
- D. For-profit organizations and for-profit telefunders regarding charitable solicitations
Answer: B
NEW QUESTION 68
A large online bookseller decides to contract with a vendor to manage Personal Information (PI). What is the least important factor for the company to consider when selecting the vendor?
- A. The vendor's reputation
- B. The vendor's employee retention rates
- C. The vendor's employee training program
- D. The vendor's financial health
Answer: D
NEW QUESTION 69
Which of the following best describes the Asia-Pacific Economic Cooperation (APEC) principles?
- A. A code of responsibilities for medical establishments to uphold privacy laws.
- B. An international court ruling on personal information held in the commercial sector.
- C. A bill of rights for individuals seeking access to their personal information.
- D. A baseline of marketers' minimum responsibilities for providing opt-out mechanisms.
Answer: C
Explanation:
Explanation/Reference: http://documents1.worldbank.org/curated/en/751621525705087132/text/WPS8431.txt
NEW QUESTION 70
An organization self-certified under Privacy Shield must, upon request by an individual, do what?
- A. Identify all personal information disclosed during a criminal investigation.
- B. Suspend the use of all personal information collected by the organization to fulfill its original purpose.
- C. Provide the identities of third and fourth parties that may potentially receive personal information.
- D. Provide the identities of third parties with whom the organization shares personal information.
Answer: D
Explanation:
Explanation/Reference: https://www.lakesidesoftware.com/sites/default/files/Privacy_Shield_Privacy_Statement.pdf
NEW QUESTION 71
A law enforcement agency subpoenas the ACME telecommunications company for access to the text message records of a person suspected of planning a terrorist attack. The company had previously encrypted its text message records so that only the suspect could access this data.
What law did ACME violate by designing the service to prevent access to the information by a law enforcement agency?
- A. USA Freedom Act
- B. SCA
- C. CALEA
- D. ECPA
Answer: C
NEW QUESTION 72
Which entities must comply with the Telemarketing Sales Rule?
- A. For-profit organizations calling businesses when a binding contract exists between them
- B. For-profit and not-for-profit organizations when selling additional services to established customers
- C. Nonprofit organizations calling on their own behalf
- D. For-profit organizations and for-profit telefunders regarding charitable solicitations
Answer: B
Explanation:
Explanation/Reference: https://www.ftc.gov/tips-advice/business-center/guidance/complying-telemarketing-sales-rule
NEW QUESTION 73
SCENARIO
Please use the following to answer the next QUESTION
Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy program. Filtration Station is a U.S. company that sells filters and tubing products to pharmaceutical companies for research use. The company is based in Seattle, Washington, with offices throughout the U.S. and Asia. It sells to business customers across both the U.S. and the Asia-Pacific region. Filtration Station participates in the Cross-Border Privacy Rules system of the APEC Privacy Framework.
Unfortunately, Filtration Station suffered a data breach in the previous quarter. An unknown third party was able to gain access to Filtration Station's network and was able to steal data relating to employees in the company's Human Resources database, which is hosted by a third-party cloud provider based in the U.S. The HR data is encrypted. Filtration Station also uses the third-party cloud provider to host its business marketing contact database. The marketing database was not affected by the data breach. It appears that the data breach was caused when a system administrator at the cloud provider stored the encryption keys with the data itself.
The Board has asked Otto to provide information about the data breach and how updates on new developments in privacy laws and regulations apply to Filtration Station. They are particularly concerned about staying up to date on the various U.S. state laws and regulations that have been in the news, especially the California Consumer Privacy Act (CCPA) and breach notification requirements.
What can Otto do to most effectively minimize the privacy risks involved in using a cloud provider for the HR data?
- A. Obtain express consent from employees for storing the HR data in the cloud and keep a record of the employee consents.
- B. Request that the Board sign off in a written document on the choice of cloud provider.
- C. Ensure that the cloud provider abides by the contractual requirements by conducting an on-site audit.
- D. Negotiate a Business Associate Agreement with the cloud provider to protect any health-related data employees might share with Filtration Station.
Answer: C
NEW QUESTION 74
SCENARIO
Please use the following to answer the next QUESTION:
Cheryl is the sole owner of Fitness Coach, Inc., a medium-sized company that helps individuals realize their physical fitness goals through classes, individual instruction, and access to an extensive indoor gym. She has owned the company for ten years and has always been concerned about protecting customers' privacy while maintaining the highest level of service. She is proud that she has built long-lasting customer relationships.
Although Cheryl and her staff have tried to make privacy protection a priority, the company has no formal privacy policy. So Cheryl hired Janice, a privacy professional, to help her develop one.
After an initial assessment, Janice created a first draft of a new policy. Cheryl read through the draft and was concerned about the many changes the policy would bring throughout the company. For example, the draft policy stipulates that a customer's personal information can only be held for one year after paying for a service such as a session with a personal trainer. It also promises that customer information will not be shared with third parties without the written consent of the customer. The wording of these rules worries Cheryl, since stored personal information often helps her company to serve her customers, even if there are long pauses between their visits. In addition, there are some third parties that provide crucial services, such as aerobics instructors who teach classes on a contract basis. Having access to customer files and understanding the fitness levels of their students helps instructors to organize their classes.
Janice understood Cheryl's concerns and was already formulating some ideas for revision. She tried to put Cheryl at ease by pointing out that customer data can still be kept, but that it should be classified according to levels of sensitivity. However, Cheryl was skeptical. It seemed that classifying data and treating each type differently would cause undue difficulties in the company's day-to-day operations. Cheryl wants one simple data storage and access system that any employee can access if needed.
Even though the privacy policy was only a draft, she was beginning to see that changes within her company were going to be necessary. She told Janice that she would be more comfortable with implementing the new policy gradually over a period of several months, one department at a time. She was also interested in a layered approach by creating documents listing applicable parts of the new policy for each department.
What is the most likely risk of Fitness Coach, Inc. adopting Janice's first draft of the privacy policy?
- A. Showing a lack of trust in the organization's privacy practices
- B. Not being in standard compliance with applicable laws
- C. Leaving the company susceptible to violations by setting unrealistic goals
- D. Failing to meet the needs of customers who are concerned about privacy
Answer: C

