CIPM Exam Prep Questions & Answers

What are the overarching objectives to first establish a privacy program? - ANS -
1) Define Vision
2) Set privacy strategy
3) Develop the team and methods to measure
Secondary:
1) Set expectations
2) Ensure daily operations align with objectives
3) Grant Power

Developing Company Vision Steps - ANS -
1) Mission Statement: short statement (2-4 sentences) regarding why you make the privacy decisions you do, what it is that you do, show the value placed on privacy, define objectives, define roles
2) Develop Privacy Program Scope: to develop scope, must identify the data, sources of data, the law, the information privacy and security minimum requirements within such law, and the repercussions for failing to conform
3) Obtain executive sponsorship for program

Primary Concern of In-House Privacy Professional - ANS - Ensure all law, regs, contractual commitments and industry practices are followed

Developing Vision > Privacy Program Scope - ANS -
1) Know the law
2) Know the data

Developing Vision > Privacy Program Scope > Know the Data - ANS - Think of the organization as a heat map and/or a plumbing system. Try to keep all data within the plumbing without any leaks. In areas of high PI processing, and with an emphasis on areas of sensitive PI processing, the heat map becomes more intense.

Developing Vision > Privacy Program Scope > Know the Data > Crazy 8 Questions to Ask Regarding Data Processing to Help Define Privacy Program Scope - ANS -
1) Where does it come from and who does it flow to?
2) When is the data collected?
3) What is collected? And how is it collected?
4) Who has access to it? Include third parties.
5) Why is it necessary to have?
6) What is the data being used for?
7) Where is the data stored physically?
8) What are the legal requirements for the data?

Developing Vision > Privacy Program Scope > Know the Data > 6 Legal Questions to Ask to Help Define Program Scope - ANS -
1) What PI does the law cover?
2) What types of people/companies are covered?
3) What are the privacy or security requirements or prohibitions?
4) Who enforces the law?
5) What are the repercussions for failure to abide?
6) Why does the law exist?

High-Level statutory information security requirements that can be found within various U.S. laws - ANS -
1) Infosec program
2) Encryption
3) PI inventory
4) Training
5) "Reasonable infosec"
6) Privacy Officer
7) Breach notice
8) PCI-DSS
9) Authentication
10) Accountability
11) Data destruction
12) Retention limits
13) Collection limits
14) Incident response plan (DR and BC)
15) Risk assessments
16) Third-party evaluation
17) Physical controls
18) Background checks
19) Contractual protections

High-Level statutory information privacy requirements that can be found within various U.S. laws (11 questions) - ANS -
1) Privacy policy
2) Who PI sent to
3) Why and how collected (should include info on cookies, web beacons, URLs, IP addresses, etc.)
4) How it's used
5) Secondary consent for any secondary purpose
6) Description of the data lifecycle: collection, use, purpose, disclosure, retention, deletion
7) Contract clauses
8) Controls on what minors can do
9) Data breach procedures
10) Privacy awareness/education
11) Data subject access, modification, authentication controls

Develop Privacy Program > Set Strategy > Business Alignment > Steps to Implement - ANS -
1) Develop the business case for privacy (risk and operational efficiency)
2) Develop data governance strategy
3) Conduct Privacy Workshop
Last updated: 2 years ago
About the document
Uploaded On
Oct 05, 2022
Number of pages
75