Question 1

An organization self-certified under Privacy Shield must, upon request by an individual, do what?

Options :

A : Suspend the use of all personal information collected by the organization to fulfill its original purpose

B : Provide the identities of third parties with whom the organization shares personal information.

C : Provide the identities of third and fourth parties that may potentially receive personal information

D : Identify all personal information disclosed during a criminal investigation

Answer: B

Question 2

SCENARIO

Please use the following to answer the next question:

Jane is a U.S. citizen and a senior software engineer at California-based Jones Labs, a major software supplier

to the U.S. Department of Defense and other U.S. federal agencies. Jane's manager, Patrick, is a French

citizen who has been living in California for over a decade. Patrick has recently begun to suspect that Jane is

an insider secretly transmitting trade secrets to foreign intelligence. Unbeknownst to Patrick, the FBI has

already received a hint from anonymous whistleblower, and jointly with the National Security Agency is

investigating Jane's possible implication in a sophisticated foreign espionage campaign.

Ever since the pandemic, Jane has been working from home. To complete her daily tasks she uses her

corporate laptop, which after each login conspicuously provides notice that the equipment belongs to Jones

Labs and may be monitored according to the enacted privacy policy and employment handbook. Jane also has

a corporate mobile phone that she uses strictly for business, the terms of which are defined in her employment

contract and elaborated upon in her employee handbook. Both the privacy policy and the employee handbook

are revised annually by a reputable California law firm specializing in privacy law. Jane also has a personal

iPhone that she uses for private purposes only.

Jones Labs has its primary data center in San Francisco, which is managed internally by Jones Labs engineers.

The secondary data center, managed by Amazon AWS, is physically located in the UK for disaster recovery

purposes. Jones Labs' mobile devices backup is managed by a mid-sized mobile defense company located in

Denver, which physically stores the data in Canada to reduce costs. Jones Labs MS Office documents are

securely stored in a Microsoft Office 365 data center based in Ireland. Manufacturing data of Jones Labs is

stored in Taiwan and managed by a local supplier that has no presence in the U.S.

When storing Jane's fingerprint for remote authentication. Jones Labs should consider legality issues under

which of the following?

Options :

A : The Privacy Rule of the HITECH Act.

B : The California IoT Security Law (SB 327).

C : The applicable state law such as Illinois BIPA.

D : The federal Genetic Information Nondiscrimination Act (GINA).

Answer: C

Question 3

Which of the following is most likely to provide privacy protection to private-sector employees in the United States?

Options :

A : State law, contract law, and tort law

B : The Federal Trade Commission Act (FTC Act)

C : Amendments one, four, and five of the U.S. Constitution

D : The U.S. Department of Health and Human Services (HHS)

Answer: A

Question 4

Which jurisdiction must courts have in order to hear a particular case?

Options :

A : Subject matter jurisdiction and regulatory jurisdiction

B : Subject matter jurisdiction and professional jurisdiction

C : Personal jurisdiction and subject matter jurisdiction

D : Personal jurisdiction and professional jurisdiction

Answer: C

Question 5

SCENARIO

Please use the following to answer the next question:

Matt went into his son’s bedroom one evening and found him stretched out on his bed typing on his laptop.

“Doing your homework?” Matt asked hopefully.

“No,” the boy said. “I’m filling out a survey.”

Matt looked over his son’s shoulder at his computer screen. “What kind of survey?”

“It’s asking questions about my opinions.”

“Let me see,” Matt said, and began reading the list of questions that his son had already answered. “It’s asking

your opinions about the government and citizenship. That’s a little odd. You’re only ten.”

Matt wondered how the web link to the survey had ended up in his son’s email inbox. Thinking the message

might have been sent to his son by mistake he opened it and read it. It had come from an entity called the

Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read

further he learned that kids who took the survey were automatically registered in a contest to win the first book

in a series about famous leaders.

To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if

he had been prompted to give information about himself in order to take the survey. His son told him he had

been asked to give his name, address, telephone number, and date of birth, and to answer questions about his

favorite games and toys.

Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way

that it was. Then he noticed several other commercial emails from marketers advertising products for children

in his son’s inbox, and he decided it was time to report the incident to the proper authorities.

Based on the incident, the FTC’s enforcement actions against the marketer would most likely include what

violation?

Options :

A : Intruding upon the privacy of a family with young children

B : Collecting information from a child under the age of thirteen

C : Failing to notify of a breach of children’s private information.

D : Disregarding the privacy policy of the children’s marketing industry.

Answer: D

Higher Test Marks with Free Online CIPP-US Exam Practice

Buying Options: