Question 1

Through a combination of hardware failure and human error, the decryption key for a bank’s customer account transaction database has been lost. An investigation has determined that this was not the result of hacking or malfeasance, simply an unfortunate combination of circumstances. Which of the following accurately indicates the nature of this incident?

Options :

A : A data breach has not occurred because the loss was not the result of hacking.

B : A data breach has not occurred because no data was exposed to any unauthorized individual.

C :

A data breach has occurred because the loss of the key has resulted in the data no longer being accessible.

D :

A data breach has occurred because the loss of the key has resulted in the loss of confidentiality or integrity of the data.

Answer: D

Question 2

Which of the following would most likely NOT be covered by the definition of "personal data" under the GDPR?

Options :

A : The payment card number of a Dutch citizen

B : The U.S. social security number of an American citizen living in France

C : The unlinked aggregated data used for statistical purposes by an Italian company

D : The identification number of a German candidate for a professional examination in Germany

Answer: C

Question 3

SCENARIO

Please use the following to answer the next question:

Sandy recently joined Market4U, an advertising technology company founded in 2016, as their VP of Privacy and Data Governance. Through her first initiative in conducting a data inventory, Sandy learned that Market4U maintains a list of 19 million global contacts that were collected throughout the course of Market4U's existence. Knowing the risk of having such a large amount of data, Sandy wanted to purge all contacts that were entered into Market4U's systems prior to May 2018, unless such contacts had a more recent interaction with Market4U content. However, Dan, the VP of Sales, informed Sandy that all of the contacts provide useful information regarding successful marketing campaigns and trends in industry verticals for Market4U's clients.

Dan also informed Sandy that he had wanted to focus on gaining more customers within the sports and entertainment industry. To assist with this behavior, Market4U's marketing team decided to add several new fields to Market4U's website forms, including forms for downloading white papers, creating accounts to participate in Market4U's forum, and attending events. Such fields include birth date and salary.

What should Sandy give as feedback to Dan and the marketing team regarding the new fields Dan wants to add to Market4U's forms?

Options :

A : Make all the fields optional.

B : Only request the information in brackets (i.e., age group and salary range).

C : Eliminate the fields, as they are not proportional to the services being offered.

D : Eliminate the fields as they are not necessary for the purposes of providing white papers or registration for events.

Answer: D

Question 4

What is the most frequently used mechanism for legitimizing cross-border data transfer?

Options :

A : Standard Contractual Clauses.

B : Approved Code of Conduct.

C : Binding Corporate Rules

D : Derogations

Answer: A

Question 5

A company would like to implement CCTV monitoring in its offices for safety and security purposes. Which of the following would be the best legal basis for the company to rely upon?

Options :

A : Public interest.

B : Individual consent

C : Legitimate interest.

D : Exercise of pubic authority.

Answer: A

Higher Test Marks with Free Online CIPP-E Exam Practice

Buying Options: