Online Access Free CIPP-US Practice Test

In what way is the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN- SPAM) Act intended to help consumers?

• A.By providing consumers with free spam-filtering software.
• B.By requiring a company to receive an opt-in before sending any advertising e-mails.
• C.By prohibiting companies from sending objectionable content through unsolicited e-mails.
• D.By requiring companies to allow consumers to opt-out of future e-mails.

Chanel Hair Studio is a busy high-end hair salon. In an effort to maximize efficiency of its operations and reduce wait times for appointments, Chanel decides to implement artificial intelligence software that will use client profiles and history to predict which clients will likely be late for their appointments. Information used to create the client profile included appointment history, distance from the salon, and any references to being tardy pulled from the client's social media accounts. If a client is predicted to be late, their appointment will be cancelled within 5 minutes.
Based on the details, what is the biggest potential privacy concern related to Chanel's use of this new software?

• A.Assessing client tardiness history with the salon for predictive purposes.
• B.Calculating client profile address distance from the salon to determine location from salon to help predict if the client will be late.
• C.Scanning a client's social media accounts to use in a client profile without notice to the client.
• D.Using client profile information for any purpose other than setting up an appointment.

SCENARIO
Please use the following to answer the next question:
When there was a data breach involving customer personal and financial information at a large retail store, the company's directors were shocked. However, Roberta, a privacy analyst at the company and a victim of identity theft herself, was not. Prior to the breach, she had been working on a privacy program report for the executives. How the company shared and handled data across its organization was a major concern. There were neither adequate rules about access to customer information nor procedures for purging and destroying outdated data. In her research, Roberta had discovered that even low- level employees had access to all of the company's customer data, including financial records, and that the company still had in its possession obsolete customer data going back to the 1980s.
Her report recommended three main reforms. First, permit access on an as-needs-to-know basis.
This would mean restricting employees' access to customer information to data that was relevant to the work performed. Second, create a highly secure database for storing customers' financial information (e.g., credit card and bank account numbers) separate from less sensitive information.
Third, identify outdated customer information and then develop a process for securely disposing of it.
When the breach occurred, the company's executives called Roberta to a meeting where she presented the recommendations in her report. She explained that the company having a national customer base meant it would have to ensure that it complied with all relevant state breach notification laws. Thanks to Roberta's guidance, the company was able to notify customers quickly and within the specific timeframes set by state breach notification laws.
Soon after, the executives approved the changes to the privacy program that Roberta recommended in her report. The privacy program is far more effective now because of these changes and, also, because privacy and security are now considered the responsibility of every employee.
What could the company have done differently prior to the breach to reduce their risk?

• A.Communicated requests for changes to users' preferences across the organization and with third parties.
• B.Honored the promise of its privacy policy to acquire information by using an opt-in method.
• C.Looked for any persistent threats to security that could compromise the company's network.
• D.Implemented a comprehensive policy for accessing customer information.

What practice does the USA FREEDOM Act NOT authorize?

• A.An increase in the maximum penalty for material support to terrorism
• B.Emergency exceptions that allows the government to target roamers
• C.An extension of the expiration for roving wiretaps
• D.The bulk collection of telephone data and internet metadata

SCENARIO
Please use the following to answer the next question:
Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop. "Doing your network?" Matt asked hopefully.
"No," the boy said. "I'm filling out a survey."
Matt looked over his son's shoulder at his computer screen. "What kind of survey?" "It's asking Questions about my opinions."
"Let me see," Matt said, and began reading the list of Questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd.
You're only ten."
Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.
To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his name, address, telephone number, and date of birth, and to answer Questions about his favorite games and toys.
Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and he decided it was time to report the incident to the proper authorities.
How does Matt come to the decision to report the marketer's activities?

• A.The marketer failed to identify himself and indicate the purpose of the messages
• B.The marketer did not provide evidence that the prize books were appropriate for children
• C.The marketer failed to make an adequate attempt to provide Matt with information
• D.The marketer seems to have distributed his son's information without Matt's permission