最新的IAPP Certified Information Privacy Professional/United States (CIPP/US) - CIPP-US免費考試真題
Which of the following scenarios would NOT be covered under HIPAA?
正確答案: C
說明:(僅 Fast2test 成員可見)
SCENARIO
Please use the following to answer the next question:
A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer's data handling practices.
The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her withdrawal of consent and request for erasure of her personal data. Your organization, the US- based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: "Please act immediately by identifying all personal data received from our company." This is an important partnership. Company executives know that its biggest fans come from Western Europe; and this retailer is primarily responsible for the startup's rapid market penetration.
As the Company's data privacy leader, you are sensitive to the criticality of the relationship with the retailer.
Under the General Data Protection Regulation (GDPR), how would the U.S.-based startup company most likely be classified?
Please use the following to answer the next question:
A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer's data handling practices.
The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her withdrawal of consent and request for erasure of her personal data. Your organization, the US- based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: "Please act immediately by identifying all personal data received from our company." This is an important partnership. Company executives know that its biggest fans come from Western Europe; and this retailer is primarily responsible for the startup's rapid market penetration.
As the Company's data privacy leader, you are sensitive to the criticality of the relationship with the retailer.
Under the General Data Protection Regulation (GDPR), how would the U.S.-based startup company most likely be classified?
正確答案: D
說明:(僅 Fast2test 成員可見)
Based on the 2012 Federal Trade Commission report "Protecting Consumer Privacy in an Era of Rapid Change", which of the following directives is most important for businesses?
正確答案: B
說明:(僅 Fast2test 成員可見)
In 2012, the White House and the FTC both issued reports advocating a new approach to privacy enforcement that can best be described as what?
正確答案: C
說明:(僅 Fast2test 成員可見)
The concept of data portability refers to what?
正確答案: B
說明:(僅 Fast2test 成員可見)
Who has the right to private action regarding violations of the CAN-SPAM Act?
正確答案: B
說明:(僅 Fast2test 成員可見)
A company based in United States receives information about its UK subsidiary's employees in connection with the centralized HR service it provides. How can the UK company ensure an adequate level of data protection that would allow the restricted data transfer to continue?
正確答案: B
說明:(僅 Fast2test 成員可見)
A financial services company install "bossware" software on its employees' remote computers to monitor performance. The software logs screenshots, mouse movements, and keystrokes to determine whether an employee is being productive. The software can also enable the computer webcams to record video footage.
Which of the following would best support an employee claim for an intrusion upon seclusion tort?
Which of the following would best support an employee claim for an intrusion upon seclusion tort?
正確答案: C
說明:(僅 Fast2test 成員可見)
U.S. federal laws protect individuals from employment discriminaton based on all of the following EXCEPT?
正確答案: C
說明:(僅 Fast2test 成員可見)
What role does the U.S. Constitution play in the area of workplace privacy?
正確答案: A
說明:(僅 Fast2test 成員可見)
According to the Children's Online Privacy Protection Rule, all the following would be considered personal information EXCEPT:
正確答案: C
說明:(僅 Fast2test 成員可見)