CIPP-C Online Practice Questions and Answers

According to the Privacy Act, which of the following disclosures of personal information by a government institution would require the data subject's consent?

A. When disclosing to a law enforcement body.

B. When disclosing to comply with a search warrant.

C. When disclosing to a registered charitable organization.

D. When disclosing to a member of parliament to assist in resolving a problem.

According to the Voluntary Code of Conduct on the Responsible Development and Management of Advanced Generative AI Systems, signatories commit to doing all of the following EXCEPT?

A. Contributing to the development and application of AI standards.

B. Sharing information and best practices of AI governance.

C. Supporting public awareness and education on AI.

D. Adopting low-risk uses of AI.

When a third country or specified entity is said to ensure an adequate level of protection essentially equivalent to that ensured within the European Union, it is awarded a(n)?

A. Equivalency designation.

B. Attestation designation.

C. Adequacy designation.

D. Protection designation.

SCENARIO

Please use the following to answer the next QUESTION:

Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state's Do Not Call list, as well as the people on it. "If they were really serious about not being bothered," Evan said, "They'd be on the national DNC list. That's the only one we're required to follow. At SunriseLynx, we call until they ask us not to."

Bizarrely, Evan requires telemarketers to keep records of recipients who ask them to call "another time." This, to Larry, is a clear indication that they don't want to be called at all. Evan doesn't see it that way.

Larry believes that Evan's arrogance also affects the way he treats employees. The U.S. Constitution protects American workers, and Larry believes that the rights of those at SunriseLynx are violated regularly. At first Evan seemed friendly, even connecting with employees on social media. However, following Evan's political posts, it became clear to Larry that employees with similar affiliations were the only ones offered promotions.

Further, Larry occasionally has packages containing personal-use items mailed to work. Several times, these have come to him already opened, even though this name was clearly marked. Larry thinks the opening of personal mail is common at SunriseLynx, and that Fourth Amendment rights are being trampled under Evan's leadership.

Larry has also been dismayed to overhear discussions about his coworker, Sadie. Telemarketing calls are regularly recorded for quality assurance, and although Sadie is always professional during business, her personal conversations sometimes contain sexual comments. This too is something Larry has heard Evan laughing about. When he mentioned this to a coworker, his concern was met with a shrug. It was the coworker's belief that employees agreed to be monitored when they signed on. Although personal devices are left alone, phone calls, emails and browsing histories are all subject to surveillance. In fact, Larry knows of one case in which an employee was fired after an undercover investigation by an outside firm turned up evidence of misconduct. Although the employee may have stolen from the company, Evan could have simply contacted the authorities when he first suspected something amiss.

Larry wants to take action, but is uncertain how to proceed.

Which act would authorize Evan's undercover investigation?

A. The Whistleblower Protection Act

B. The Stored Communications Act (SCA)

C. The National Labor Relations Act (NLRA)

D. The Fair and Accurate Credit Transactions Act (FACTA)

Which federal act does NOT contain provisions for preempting stricter state laws?

A. The CAN-SPAM Act

B. The Children's Online Privacy Protection Act (COPPA)

C. The Fair and Accurate Credit Transactions Act (FACTA)

D. The Telemarketing Consumer Protection and Fraud Prevention Act

What information did the Red Flag Program Clarification Act of 2010 add to the original Red Flags rule?

A. The most common methods of identity theft.

B. The definition of what constitutes a creditor.

C. The process for proper disposal of sensitive data.

D. The components of an identity theft detection program.

Under the Telemarketing Sales Rule, what characteristics of consent must be in place for an organization to acquire an exception to the Do-Not-Call rules for a particular consumer?

A. The consent must be in writing, must state the times when calls can be made to the consumer and must be signed

B. The consent must be in writing, must contain the number to which calls can be made and must have an end date

C. The consent must be in writing, must contain the number to which calls can be made and must be signed

D. The consent must be in writing, must have an end data and must state the times when calls can be made

Sarah lives in San Francisco, California. Based on a dramatic increase in unsolicited commercial emails, Sarah believes that a major social media platform with over 50 million users has collected a lot of personal information about her. The company that runs the platform is based in New York and France.

Why is Sarah entitled to ask the social media platform to delete the personal information they have collected about her?

A. Any company with a presence in Europe must comply with the General Data Protection Regulation globally, including in response to data subject deletion requests.

B. Under Section 5 of the FTC Act, the Federal Trade Commission has held that refusing to delete an individual's personal information upon request constitutes an unfair practice.

C. The California Consumer Privacy Act entitles Sarah to request deletion of her personal information.

D. The New York "Stop Hacks and Improve Electronic Data Security" (SHIELD) Act requires that businesses under New York's jurisdiction must delete customers' personal information upon request.

What consumer service was the Fair Credit Reporting Act (FCRA) originally intended to provide?

A. The ability to receive reports from multiple credit reporting agencies.

B. The ability to appeal negative credit-based decisions.

C. The ability to correct inaccurate credit information.

D. The ability to investigate incidents of identity theft.

Which of the following best describes what a "private right of action" is?

A. The right of individuals to keep their information private.

B. The right of individuals to submit a request to access their information.

C. The right of individuals harmed by data processing to have their information deleted.

D. The right of individuals harmed by a violation of a law to file a lawsuit against the violation.