Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

IAPP CIPM - Certified Information Privacy Manager (CIPM)

IAPP CIPM Premium Access     Download Demo    
Page: 6 / 9
Total 274 questions

SCENARIO

Please use the following to answer the next QUESTION:

Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help run his aging grandfather's law practice. The elder McAdams desired a limited, lighter role in the

practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and assesses the office's strategies for growth.

Immediately upon arrival, Richard was amazed at the amount of work that needed to done in order to modernize the office, mostly in regard to the handling of clients' personal data. His first goal is to digitize all the records kept in file cabinets, as many of the documents contain personally identifiable financial and medical data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues unless a formal policy is firmly in place Richard is also concerned with the overuse of the communal copier/ printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing policy by the year's end.

Richard expressed his concerns to his grandfather, who agreed, that updating data storage, data security, and an overall approach to increasing the protection of personal data in all facets is necessary Mr. McAdams granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following day, to get insight into how the office computer system is currently set-up and managed.

Richard needs to closely monitor the vendor in charge of creating the firm's database mainly because of what?

A.

The vendor will be required to report any privacy violations to the appropriate authorities.

B.

The vendor may not be aware of the privacy implications involved in the project.

C.

The vendor may not be forthcoming about the vulnerabilities of the database.

D.

The vendor will be in direct contact with all of the law firm's personal data.

If an organization maintains a separate ethics office, to whom would its officer typically report to in order to retain the greatest degree of independence?

A.

The Board of Directors.

B.

The Chief Financial Officer.

C.

The Human Resources Director.

D.

The organization's General Counsel.

K a privacy professional wants to show that an organization's privacy program is working as intended, the professional should?

A.

Collect feedback from customers about the privacy program.

B.

Carry out a personal data breach tabletop exercise.

C.

Collect and analyze privacy program metrics.

D.

Review privacy policies.

A company's human resources (HR) group is working with their information security team lo tag data within their systems as ''special data" or "sensitive data" What is the most probable reason for the group to do so?

A.

To ensure the data is fully controlled and used for only authorized purposes.

B.

To apply the organization's data deletion standard.

C.

To create a robust record of processing activities.

D.

To prepare for an upcoming regulatory audit under GDPR.

You are the privacy officer at a university. Recently, the police have contacted you as they suspect that one of your students is using a library computer to commit financial fraud. The police would like your assistance in investigating this individual and are requesting computer logs and usage data of the student.

What Is your first step in responding to the request?

A.

Refuse the request as the police do not have a warrant.

B.

Provide the data to police and record it for your own archives.

C.

Contact the university's legal counsel to determine if the request is lawful.

D.

Review policies, procedures and legislation to determine the university's obligation to co-operate with the police.

Which of the following would be least beneficial in integrating privacy requirements and representation into functional areas across an organization?

A.

Creating a structure that provides a communication chain (formally and informally) that a privacy professional can use in performing key data protection activities.

B.

Creating a governance structure composed of representatives from each business function and geographic region in which the organization has a presence.

C.

Creating a program where the privacy officer (or privacy team) can lead on privacy matters by having exclusive responsibility to execute the privacy mission.

D.

Creating a privacy committee or council composed of various stakeholders.

What have experts identified as an important trend in privacy program development?

A.

The narrowing of regulatory definitions of personal information.

B.

The rollback of ambitious programs due to budgetary restraints.

C.

The movement beyond crisis management to proactive prevention.

D.

The stabilization of programs as the pace of new legal mandates slows.

A Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA) and Data Protection Impact Assessment (DPIA) are conducted during what phase of a System Development Life Cycle (SDLC)?

A.

Testing.

B.

Design.

C.

Deployment.

D.

Maintenance.

When implementing an organization's privacy program, what right should be granted to the data subject?

A.

To have their data amended or erased if errors are found.

B.

To limit or refuse the disclosure of their data for any reason.

C.

To provide feedback regarding an organization's privacy policy.

D.

To verify that an organization uses the highest level of privacy protection available.

(What is the main function of the Asia-Pacific Economic Cooperation (APEC) Privacy Framework?)

A.

Managing the data flows from parties outside the region.

B.

Establishing legal requirements for privacy protection in the region.

C.

Promoting privacy protection technologies developed in the region.

D.

Promoting consumer trust and business confidence in cross-border data flows