Question 1

What United States federal law requires financial institutions to declare their personal data collection practices?

Options :

A : The Kennedy-Hatch Disclosure Act of 1997

B : The Gramm-Leach-Bliley Act of 1999

C : SUPCLA, or the federal Superprivacy Act of 2001

D : The Financial Portability and Accountability Act of 2006.

Answer: B

Question 2

Why were the nongovernmental privacy organizations, Electronic Frontier Foundation (EFF) and Electronic

Privacy Information Center (EPIC), established?

Options :

A : To promote consumer confidence in the Internet industry

B : To improve the user experience during online shopping

C : To protect civil liberties and raise consumer awareness.

D : To promote security on the Internet through strong encryption

Answer: C

Question 3

Under Article 35 of the GDPR, a data controller must take a risk-based approach to determine whether to complete?

Options :

A : Privacy program review.

B : Privacy threshold assessment.

C : Transfer Impact Assessment (TIA).

D : Data Protection Impact Assessment (DPIA).

Answer: D

Question 4

How do privacy audits differ from privacy assessments?

Options :

A : They are non-binding.

B : They are evidence-based.

C : They are based on standards.

D : They are conducted by external parties.

Answer: B

Question 5

Which aspect of a privacy program can best aid an organization’s response time to a Data Subject Access Request (DSAR)?

Options :

A : Conducting privacy training

B : Maintaining a written DSAR policy

C : Creating a comprehensive data inventory

D : Implementing Privacy Impact Assessment (PIAs).

Answer: B,C

Higher Test Marks with Free Online CIPM Exam Practice