IAPP CIPP-US CIPPUS Exam Practice Test Instant Access

Question 1

Which of the following privacy rights is NOT available under the Colorado Privacy Act?

AThe right to access sensitive data.

BThe right to correct sensitive data.

CThe right to delete sensitive data.

DThe right to limit the use of sensitive data.

Answer : D

'The CPA grants Colorado Consumers new rights with respect to their personal data, including the right to access, delete, and correct their personal data as well as the right to opt out of the sale of their personal data or its use for targeted advertising or certain kinds of profiling.'

https://coag.gov/resources/colorado-privacy-act/

Even without knowing for certain the answer, one can reason that it should be D. It would be administratively difficult for businesses to adhere to varying limitation requests for each consumer... Therefore such a right would not make sense from a public policy perspective.

Question 2

Mega Corp. is a U.S.-based business with employees in California, Virginia, and Colorado. Which of the following must Mega Corp. comply with in regard to its human resources data?

ACalifornia Privacy Rights Act.

BCalifornia Privacy Rights Act and Virginia Consumer Data Protection Act.

CCalifornia Privacy Rights Act and Colorado Privacy Act.

DCalifornia Privacy Rights Act, Virginia Consumer Data Protection Act, and Colorado Privacy Act.

Answer : A

Question 3

What was unique about the action that the Federal Trade Commission took against B.J.'s Wholesale Club in 2005?

AIt made third-party audits a penalty for policy violations.

BIt was based on matters of fairness rather than deception.

CIt was the first substantial U.S.-EU Safe Harbor enforcement.

DIt made user consent mandatory after any revisions of policy.

Answer : B

Per the FTC Press Release in 2005, 'BJ's Wholesale Club, Inc. has agreed to settle Federal Trade Commission charges that its failure to take appropriate security measures to protect the sensitive information of thousands of its customers was an unfair practice that violated federal law.'

Question 4

Which of the following practices is NOT a key component of a data ethics framework?

AAutomated decision-making.

BPreferability testing.

CData governance.

DAuditing.

Answer : B

Question 5

Under the Driver's Privacy Protection Act (DPPA), which of the following parties would require consent of an individual in order to obtain his or her Department of Motor Vehicle information?

ALaw enforcement agencies performing investigations.

BInsurance companies needing to investigate claims.

CAttorneys gathering information related to lawsuits.

DMarketers wishing to distribute bulk materials.

Answer : D

https://dmv.ny.gov/forms/mv15dppa.pdf

Question 6

In 2012, the White House and the FTC both issued reports advocating a new approach to privacy enforcement that can best be described as what?

AHarm-based.

BSelf-regulatory.

CComprehensive.

DNotice and choice.

Answer : C

Question 7

U.S. federal laws protect individuals from employment discrimination based on all of the following EXCEPT?

AAge.

BPregnancy.

CMarital status.

DGenetic information.

Answer : C

IAPP Certified Information Privacy Professional/United States CIPP/US Exam Practice Test