Latest CIPP-US Actual Free Exam Questions Updated 152 Questions [Q60-Q75]

Share

Latest CIPP-US Actual Free Exam Questions Updated 152 Questions

Free CIPP-US Exam Braindumps certification guide Q&A

NEW QUESTION 60
Which of the following best describes private-sector workplace monitoring in the United States?

  • A. U.S. federal law restricts monitoring only to industries for which it is necessary
  • B. Employers have broad authority to monitor their employees
  • C. Most employees are protected from workplace monitoring by the U.S. Constitution
  • D. Judgments in private lawsuits have severely limited the monitoring of employees

Answer: B

 

NEW QUESTION 61
What important action should a health care provider take if the she wants to qualify for funds under the Health Information Technology for Economic and Clinical Health Act (HITECH)?

  • A. Keep electronic updates about the Health Insurance Portability and Accountability Act
  • B. Send health information and appointment reminders to patients electronically
  • C. Bill the majority of patients electronically for their health care
  • D. Make electronic health records (EHRs) part of regular care

Answer: D

 

NEW QUESTION 62
Sarah lives in San Francisco, Californi
a. Based on a dramatic increase in unsolicited commercial emails, Sarah believes that a major social media platform with over 50 million users has collected a lot of personal information about her. The company that runs the platform is based in New York and France.
Why is Sarah entitled to ask the social media platform to delete the personal information they have collected about her?

  • A. Under Section 5 of the FTC Act, the Federal Trade Commission has held that refusing to delete an individual's personal information upon request constitutes an unfair practice.
  • B. The California Consumer Privacy Act entitles Sarah to request deletion of her personal information.
  • C. Any company with a presence in Europe must comply with the General Data Protection Regulation globally, including in response to data subject deletion requests.
  • D. The New York "Stop Hacks and Improve Electronic Data Security" (SHIELD) Act requires that businesses under New York's jurisdiction must delete customers' personal information upon request.

Answer: B

 

NEW QUESTION 63
Which of the following best describes what a "private right of action" is?

  • A. The right of individuals to submit a request to access their information.
  • B. The right of individuals harmed by data processing to have their information deleted.
  • C. The right of individuals harmed by a violation of a law to file a lawsuit against the violation.
  • D. The right of individuals to keep their information private.

Answer: C

 

NEW QUESTION 64
In 2014, Google was alleged to have violated the Family Educational Rights and Privacy Act (FERPA) through its Apps for Education suite of tools. For what specific practice did students sue the company?

  • A. Making student education records publicly available
  • B. Scanning emails sent to and received by students
  • C. Disclosing education records without obtaining required consent
  • D. Relying on verbal consent for a disclosure of education records

Answer: B

 

NEW QUESTION 65
Which action is prohibited under the Electronic Communications Privacy Act of 1986?

  • A. Accessing stored communications with the consent of the sender or recipient of the message
  • B. Monitoring employee telephone calls of a personal nature
  • C. Intercepting electronic communications and unauthorized access to stored communications
  • D. Monitoring all employee telephone calls

Answer: C

 

NEW QUESTION 66
SCENARIO
Please use the following to answer the next QUESTION:
Declan has just started a job as a nursing assistant in a radiology department at Woodland Hospital. He has also started a program to become a registered nurse.
Before taking this career path, Declan was vaguely familiar with the Health Insurance Portability and Accountability Act (HIPAA). He now knows that he must help ensure the security of his patients' Protected Health Information (PHI). Therefore, he is thinking carefully about privacy issues.
On the morning of his first day, Declan noticed that the newly hired receptionist handed each patient a HIPAA privacy notice. He wondered if it was necessary to give these privacy notices to returning patients, and if the radiology department could reduce paper waste through a system of one-time distribution.
He was also curious about the hospital's use of a billing company. He Questioned whether the hospital was doing all it could to protect the privacy of its patients if the billing company had details about patients' care.
On his first day Declan became familiar with all areas of the hospital's large radiology department. As he was organizing equipment left in the halfway, he overheard a conversation between two hospital administrators. He was surprised to hear that a portable hard drive containing non-encrypted patient information was missing. The administrators expressed relief that the hospital would be able to avoid liability. Declan was surprised, and wondered whether the hospital had plans to properly report what had happened.
Despite Declan's concern about this issue, he was amazed by the hospital's effort to integrate Electronic Health Records (EHRs) into the everyday care of patients. He thought about the potential for streamlining care even more if they were accessible to all medical facilities nationwide.
Declan had many positive interactions with patients. At the end of his first day, he spoke to one patient, John, whose father had just been diagnosed with a degenerative muscular disease. John was about to get blood work done, and he feared that the blood work could reveal a genetic predisposition to the disease that could affect his ability to obtain insurance coverage. Declan told John that he did not think that was possible, but the patient was wheeled away before he could explain why. John plans to ask a colleague about this.
In one month, Declan has a paper due for one his classes on a health topic of his choice. By then, he will have had many interactions with patients he can use as examples. He will be pleased to give credit to John by name for inspiring him to think more carefully about genetic testing.
Although Declan's day ended with many Questions, he was pleased about his new position.
How can the radiology department address Declan's concern about paper waste and still comply with the Health Insurance Portability and Accountability Act (HIPAA)?

  • A. Direct patients to the correct area of the hospital website
  • B. Confirm that patients are given the privacy notice on their first visit
  • C. Post the privacy notice in a prominent location instead
  • D. State the privacy policy to the patient verbally

Answer: A

Explanation:
Section: (none)
Explanation

 

NEW QUESTION 67
Global Manufacturing Co's Human Resources department recently purchased a new software tool. This tool helps evaluate future candidates for executive roles by scanning emails to see what those candidates say and what is said about them. This provides the HR department with an automated "360 review" that lets them know how the candidate thinks and operates, what their peers and direct reports say about them, and how well they interact with each other.
What is the most important step for the Human Resources Department to take when implementing this new software?

  • A. Making sure that the software does not unintentionally discriminate against protected groups.
  • B. Confirming that employees have read and signed the employee handbook where they have been advised that they have no right to privacy as long as they are using the organization's systems, regardless of the protected group or laws enforced by EEOC.
  • C. Providing notice to employees that their emails will be scanned by the software and creating automated profiles.
  • D. Ensuring that the software contains a privacy notice explaining that employees have no right to privacy as long as they are running this software on organization systems to scan email systems.

Answer: A

 

NEW QUESTION 68
Although an employer may have a strong incentive or legal obligation to monitor employees' conduct or behavior, some excessive monitoring may be considered an intrusion on employees' privacy? Which of the following is the strongest example of excessive monitoring by the employer?

  • A. An employer who installs video monitors in physical locations, such as a changing room, to reduce the risk of sexual harassment.
  • B. An employer who records all employee phone calls that involve financial transactions with customers completed over the phone.
  • C. An employer who installs a video monitor in physical locations, such as a warehouse, to ensure employees are performing tasks in a safe manner and environment.
  • D. An employer who installs data loss prevention software on all employee computers to limit transmission of confidential company information.

Answer: A

 

NEW QUESTION 69
Which federal act does NOT contain provisions for preempting stricter state laws?

  • A. The Fair and Accurate Credit Transactions Act (FACTA)
  • B. The CAN-SPAM Act
  • C. The Telemarketing Consumer Protection and Fraud Prevention Act
  • D. The Children's Online Privacy Protection Act (COPPA)

Answer: C

Explanation:
Explanation

 

NEW QUESTION 70
According to FERPA, when can a school disclose records without a student's consent?

  • A. If the disclosure is to provide transcripts to a school where a student intends to enroll
  • B. If the disclosure would not reveal a student's student identification number
  • C. If the disclosure is to practitioners who are involved in a student's health care
  • D. If the disclosure is not to be conducted through email to the third party

Answer: A

Explanation:
Explanation/Reference: https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html

 

NEW QUESTION 71
John, a California resident, receives notification that a major corporation with $500 million in annual revenue has experienced a data breach. John's personal information in their possession has been stolen, including his full name and social security numb. John also learns that the corporation did not have reasonable cybersecurity measures in place to safeguard his personal information.
Which of the following answers most accurately reflects John's ability to pursue a legal claim against the corporation under the California Consumer Privacy Act (CCPA)?

  • A. John can sue the corporation for the data breach to recover monetary damages suffered as a result of the data breach, and in some circumstances seek statutory damages irrespective of whether he suffered any financial harm.
  • B. John cannot sue the corporation for the data breach because only the state's Attoney General has authority to file suit under the CCPA.
  • C. John can sue the corporation for the data breach but only to recover monetary damages he actually suffered as a result of the data breach.
  • D. John has no right to sue the corporation because the CCPA does not address any data breach rights.

Answer: C

 

NEW QUESTION 72
A law enforcement subpoenas the ACME telecommunications company for access to text message records of a person suspected of planning a terrorist attack. The company had previously encrypted its text message records so that only the suspect could access this data.
What law did ACME violate by designing the service to prevent access to the information by a law enforcement agency?

  • A. SCA
  • B. ECPA
  • C. USA Freedom Act
  • D. CALEA

Answer: D

Explanation:
Explanation
Explanation/Reference: https://www.nap.edu/read/11896/chapter/11#283

 

NEW QUESTION 73
All of the following are tasks in the "Discover" phase of building an information management program EXCEPT?

  • A. Developing a process for review and update of privacy policies
  • B. Facilitating participation across departments and levels
  • C. Understanding the laws that regulate a company's collection of information
  • D. Deciding how aggressive to be in the use of personal information

Answer: C

 

NEW QUESTION 74
What is an exception to the Electronic Communications Privacy Act of 1986 ban on interception of wire, oral and electronic communications?

  • A. Only if all parties have given consent
  • B. Where state law permits such interception
  • C. If an organization intercepts an employee's purely personal call
  • D. Where one of the parties has given consent

Answer: C

 

NEW QUESTION 75
......


Who should take the IAPP CIPP-US: Certified Information Privacy Professional/United States (CIPP/US) Exam

The IAPP CIPP/US exam test is ideal for those tech pros that want to accelerate their data privacy career. When looking at the role that a IAPP CIPP-US: Certified Information Privacy Professional/United States (CIPP/US) certified professional would play, it’s most relevant to those that are involved in processing of personal data, particularly those in the public sector and from EU institutions, agencies and bodies, including:

  • Anyone who uses, processes and maintains personal data
  • Human Resources Officers
  • Compliance Officers
  • Data Protection Officers
  • Information Officers
  • Data Protection Professionals
  • Data Protection Lawyers
  • Record Managers

 

CIPP-US Certification Overview Latest CIPP-US PDF Dumps: https://www.fast2test.com/CIPP-US-premium-file.html

Top IAPP CIPP-US Exam Audio Study Guide! Practice Questions Edition: https://drive.google.com/open?id=1B4QTWtFzl5VvlWVjCX0iw0hjcCZHfFu-

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어