Vendor: IAPP
Certifications: Certified Information Privacy Professional
Exam Name: Certified Information Privacy Professional/United States (CIPP/US)
Exam Code: CIPP-US
Total Questions: 185 Q&As ( View Details)
Last Updated: Mar 22, 2024
Note: Product instant download. Please sign in and click My account to download your product.
VCE
IAPP CIPP-US Last Month Results
CIPP-US Q&A's Detail
Exam Code: | CIPP-US |
Total Questions: | 185 |
Single & Multiple Choice | 185 |
CertBus Has the Latest CIPP-US Exam Dumps in Both PDF and VCE Format
CIPP-US Online Practice Questions and Answers
SCENARIO
Please use the following to answer the next question:
Cheryl is the sole owner of Fitness Coach, Inc., a medium-sized company that helps individuals realize their physical fitness goals through classes, individual instruction, and access to an extensive indoor gym. She has owned the company
for ten years and has always been concerned about protecting customers' privacy while maintaining the highest level of service. She is proud that she has built long-lasting customer relationships.
Although Cheryl and her staff have tried to make privacy protection a priority, the company has no formal privacy policy. So Cheryl hired Janice, a privacy professional, to help her develop one.
After an initial assessment, Janice created a first of a new policy. Cheryl read through the draft and was concerned about the many changes the policy would bring throughout the company. For example, the draft policy stipulates that a
customer's personal information can only be held for one year after paying for a service such as a session with personal trainer. It also promises that customer information will not be shared with third parties without the written consent of the
customer. The wording of these rules worries Cheryl since stored personal information often helps her company to serve her customers, even if there are long pauses between their visits. In addition, there are some third parties that provide
crucial services, such as aerobics instructors who teach classes on a contract basis. Having access to customer files and understanding the fitness levels of their students helps instructors to organize their classes.
Janice understood Cheryl's concerns and was already formulating some ideas for revision. She tried to put Cheryl at ease by pointing out that customer data can still be kept, but that it should be classified according to levels of sensitivity.
However, Cheryl was skeptical. It seemed that classifying data and treating each type differently would cause undue difficulties in the company's day-to-day operations. Cheryl wants one simple data storage and access system that any
employee can access if needed.
Even though the privacy policy was only a draft, she was beginning to see that changes within her company were going to be necessary. She told Janice that she would be more comfortable with implementing the new policy gradually over a
period of several months, one department at a time. She was also interested in a layered approach by creating documents listing applicable parts of the new policy for each department.
Based on the scenario, which of the following would have helped Janice to better meet the company's needs?
A. Creating a more comprehensive plan for implementing a new policy
B. Spending more time understanding the company's information goals
C. Explaining the importance of transparency in implementing a new policy
D. Removing the financial burden of the company's employee training program
What was the original purpose of the Foreign Intelligence Surveillance Act?
A. To further define what information can reasonably be under surveillance in public places under the USA PATRIOT Act, such as Internet access in public libraries.
B. To further clarify a reasonable expectation of privacy stemming from the Katz v. United States decision.
C. To further define a framework for authorizing wiretaps by the executive branch for national security purposes under Article II of the Constitution.
D. To further clarify when a warrant is not required for a wiretap performed internally by the telephone company outside the suspect's home, stemming from the Olmstead v. United States decision.
SCENARIO
Please use the following to answer the next question:
Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state's Do Not Call list, as well as the people on it. "If they
were really serious about not being bothered," Evan said, "They'd be on the national DNC list. That's the only one we're required to follow. At SunriseLynx, we call until they ask us not to."
Bizarrely, Evan requires telemarketers to keep records of recipients who ask them to call "another time." This, to Larry, is a clear indication that they don't want to be called at all. Evan doesn't see it that way.
Larry believes that Evan's arrogance also affects the way he treats employees. The U.S. Constitution protects American workers, and Larry believes that the rights of those at SunriseLynx are violated regularly. At first Evan seemed friendly,
even connecting with employees on social media. However, following Evan's political posts, it became clear to Larry that employees with similar affiliations were the only ones offered promotions.
Further, Larry occasionally has packages containing personal-use items mailed to work. Several times, these have come to him already opened, even though this name was clearly marked. Larry thinks the opening of personal mail is common
at SunriseLynx, and that Fourth Amendment rights are being trampled under Evan's leadership.
Larry has also been dismayed to overhear discussions about his coworker, Sadie. Telemarketing calls are regularly recorded for quality assurance, and although Sadie is always professional during business, her personal conversations
sometimes contain sexual comments. This too is something Larry has heard Evan laughing about. When he mentioned this to a coworker, his concern was met with a shrug. It was the coworker's belief that employees agreed to be monitored
when they signed on. Although personal devices are left alone, phone calls, emails and browsing histories are all subject to surveillance. In fact, Larry knows of one case in which an employee was fired after an undercover investigation by an
outside firm turned up evidence of misconduct. Although the employee may have stolen from the company, Evan could have simply contacted the authorities when he first suspected something amiss.
Larry wants to take action, but is uncertain how to proceed.
Based on the way he uses social media, Evan is susceptible to a lawsuit based on?
A. Defamation
B. Discrimination
C. Intrusion upon seclusion
D. Publicity given to private life
How did the Fair and Accurate Credit Transactions Act (FACTA) amend the Fair Credit Reporting Act (FCRA)?
A. It expanded the definition of "consumer reports" to include communications relating to employee investigations
B. It increased the obligation of organizations to dispose of consumer data in ways that prevent unauthorized access
C. It stipulated the purpose of obtaining a consumer report can only be for a review of the employee's credit worthiness
D. It required employers to get an employee's consent in advance of requesting a consumer report for internal investigation purposes
SCENARIO
Please use the following to answer the next question:
You are the privacy manager at a privately-owned U.S. company that produces an increasingly popular tness app called GetFit. After users create an account with their contact information, the app uses a smartphone and a system of connected smartwatch sensors to track users when they exercise. It collects information on location when users walk or run outdoors, as well as general health information (such as heart rate) during all exercise sessions. The app also collects credit card information for payment of the monthly subscription fee.
One Friday, the company's security team contacts you about the discovery of malware on their media server. The team assures you that there was no user data on this server and that, in any case, they found the malware before any damage could be done.
However, on Monday morning the security team contacts you again, this time with the information that they have discovered the same malware on the company's payments server. They suspect it likely that users' credit card information was taken by the attacker. By Monday evening, the situation has gotten dramatically worse, as the security team has also discovered this malware on the company's database server, an in ltration that gives the attacker access to users' pro le, health and location information.
After coordinating with the security team, you are asked to meet with senior management and advise them on the company's obligations in connection with the incident. The Chief Financial O cer asks, "If we decide to notify all our users of this incident, are we obligated to provide any of them with a free credit monitoring offer?" The General Counsel wants to know if providing this notice and offer will help the company avoid liability.
Who, if anyone, would the company have to notify immediately following the security team's rst call to the privacy manager on Friday?
A. It would have to notify each state's attorney general's o ce since the app is marketed to consumers.
B. It would not have to notify anyone since malware intrusions do not trigger breach noti cation laws.
C. It would have to notify the Federal Trade Commission (FTC) since there was an incident involving a mobile app.
D. It would not have to notify anyone since there was no unauthorized access of user data that would be considered personal information under applicable state laws.
Add Comments
Passed my exam today. Great job.Thanks this dumps.
Passed my exam with this dumps. Really recommend. The questions are valid and answers are accurate. The only shortcoming is there are too many questions and you need to spend lots of time to prepare with the questions. But compare to pass the exam and get certified, it's only a piece of cake.
Wonderful dumps. I really appreciated this dumps with so many new questions and update so quickly. Recommend strongly.
As for me , this dumps is very useful and convenient, I can find my disadvantages easily and know how to correct them. I also can learn new skills and knowledge by using this dumps. I think you also can do it. I have test it so you can trust on it.
hi guys I had my exam yesterday and passed. It is really a good dumps. Thanks very much.
HIGHLY recommend. Each question and answer is centered around something that must be known for this exam. Each answer is clear, concise, and accurate. They have explanations for the important questions, too. I suggest to give all explanations to all questions. That would be more helpful.
Valid dumps. Thanks very much.
This dumps is valid, and this dumps is the only study material i used for this exam. Surprisingly i met the same question in the exam, so i passed the exam without doubt. Thanks for this dumps and i will recommend it to my friends.
This helped a lot in studying for the CIPP-US. I would say that just one of any dumps wouldn't be enough, but this provided additional information and got me in the right mindset to study. I used this as my practice questions after taking a course, it provided enough information for me to pass the first time.
Yeah , Get 869/1000 score, this dumps still valid 100% but the some os answer is not correct.
IAPP CIPP-US exam official information: CIPP/US Certification JOIN THOUSANDS OF PRIVACY PROFESSIONALS WORLDWIDE WHO HOLD THE FIRST CERTIFICATION EVER DEVELOPED BY THE IAPP – THE CERTIFIED INFORMATION PRIVACY PROFESSIONAL/U.S. CREDENTIAL