CIPP/US Certification Exam Prep Test

States are prevented by federal law from passing any laws that regulate financial privacy.

The superior government has the right to supersede the lesser government’s laws. The lesser government cannot pass a law that is inconsistent with the superior government’s law.

State laws supersede federal law in certain areas such as marketing.

The EU General Data Protection Regulation (GDPR) takes precedence over U.S. law, federal or state.

To announce the amount of civil penalties the FTC levies

To prove that companies have complied with FTC rulings

To punish companies that violate FTC rulings

To provide guidance about what practices the FTC finds inappropriate

Global consent

Transparency

Binding corporate rules

Disclosure

U.S. laws generally do not restrict geographic transfers of personal information.

U.S. data exporters are not liable for any inappropriate uses of the personal information.

U.S. data exports are immune from legal enforcement if handled by service providers.

U.S. laws have "reciprocity" arrangements with most national data protection laws.

Statutes enacted by legislative bodies.

statutes enacted by legislative bodies.

Laws guaranteed by the Constitution of the United States of America.

Regulations that are promulgated by state and federal agencies.

Convert personal data from opt-out to opt-in

Have a Standard Model Clause in place

Assure appropriate privacy terms and conditions are included in a contract with the third party

Perform a test of the vendor's disaster recovery / business contingency plan

Data controller

Data owner

data processor

Data subject

Securities and Exchange Commission

Consumer Financial Protection Bureau

Department of Justice

Federal Trade Commission

Email a consent form. The parent can provide consent by responding to the email.

Email a consent form. The parent can provide consent by signing and mailing back the form.

Request in an email that the parent consent by reply email and also provide email, phonenumber, or fax.

Email a consent form to the parent allowing 30 days to object to the data disclosure.

Operations Rule

Transaction Rule

Privacy Rule

Disclosure Rule

Library records released by a municipal body

Driving history obtained from an information aggregator

Academic records obtained from an accredited university

Purchase transactions obtained from an online retailer

Financial institutions can share customer information with non-affiliated third-party companieswithout obtaining an opt-in from the customer.

GLBA privacy rules are overseen by many regulatory organizations such as the Department of Commerce.

GLBA retains the legislative power to preempt any financial services laws as currently enforced by U.S. states.

U.S.-based financial institutions may not share any information with companies that are affiliated with financial institutions.

They must develop and implement methods of detecting identity theft.

They must identify who might be a poor credit risk for new mortgages, such as sub-primelending.

They must determine whether their corporate databases have been breached and reactaccording to data breach regulations.

They must locate unencrypted transmissions of their customer's financial data.

Electronic Communications Privacy Act

Stored Communications Act

Telecommunications Act

U.S. Communications Assistance to Law Enforcement Act

The customer authorizes access.

There is a qualified search warrant.

There is an appropriate judicial subpoena.

The financial records are reasonably described.

New Hampshire

Alaska

Delaware

Connecticut

NSL recipients must fulfill the request, even if compliance is oppressive.

New restrictions reduced the number of NSLs issued.

Issuance of an NSL requires judicial authorization.

An organization receiving an NSL may disclose the request to an attorney for legal assistance.

Telephone wiretap

Access to store emails

Pen register order

traditional search warrant

Specificity of the request

Whether the information originated in the U.S.

Whether counsel for both parties are based in the U.S.

Availability of alternative means of acquiring the information

Express authorization of foreign intelligence wiretaps

Legal authorization of some new surveillance practices

A series of checks and balances on the president and attorney general

Access to stored communication records without judicial authorization

Provide notice to applicant after taking adverse action and provide the applicant with a method to appeal the decision

Obtain data only from a qualified credit reporting agency and certify that the agency has administrative, technical and physical safeguards in place

Certify to the credit reporting agency that the employer has a permissible purpose and providea written consent from the employer

Obtain applicant's written consent and provide applicant with a copy of the credit report before taking an adverse action

Test marketing the company's new products

Determining legal standing or citizen status

Retirement planning

Group insurance underwriting

Questions about the applicant's duration of stay on the job or any anticipated absences

Questions regarding any medical conditions or disabilities that would inhibit the performanceof the job function

Questions on whether an applicant has applied for or received worker's compensation

Questions about the applicant's height or weight as this relates to a specific job function

Internet access and usage

Badge cards and ID readers

Secret surveillance

Closed-circuit television

Removing the employee's access rights to sensitive personal information before escorting theemployee from the premises

Reminding the employee of a non-disclosure agreement signed at the time of employment

Demanding that the employee not remove paper and electronic files, and only remove personal effects under direct observation

Asking the employee to sign the privacy policy immediately before conducting the exit interview

the collection of Social Security numbers via paper employment applications

The business hours during which organizations are allowed to make telemarketing calls

The display of Social Security numbers on identification cards

The disclosure of biometric records to law enforcement agencies

Name of the affected individual, brief description of the incident, date the incident occurred, and the number for a credit monitoring service

Name and Social Security number of the affected individual, full description of the incident, date the incident occurred, and the number for a credit monitoring service

name, Social Security number and address of the affected individual, full description of the incident, and a toll-free number for answers to questions

Brief description of the incident, type of information involved, and a toll-free number for answers to questions

The videotaping is proportional to the organization's need for surveillance

Monitoring is limited to "nonprivate" areas of the workplace

Complete video archives are kept by the employer and not edited or altered

Each employee signs an agreement that consents to the surveillance

Student records

Intellectual property

Social Security numbers

Street addresses

A confidentiality provision

Periodic audits

A ban on the use of subcontractors

Upgrades in technology

Communication privacy

Information privacy

Bodily privacy

Territorial privacy

The Federal Trade Commission (FTC)

State attorneys general

The national data protection authority

Federal financial regulators

True

False

True

False

Common law

Tort law

Contract law

Consent decree

True

False

Department of Homeland Security (DHS)

Department of Commerce (DOC)

Department of State (DOS)

True

False

Binding corporate rule

Code of conduct

Standard contractual clause

Adequacy decision

True

False

True

False

True

False

Defamation

Negligence

Breach of warranty

Strict tort liability