Personally Identifiable Information (PII)
v4.0
Which action requires an organization to carry out a Privacy Impact Assessment?
A. Storing paper-based records
B. Collecting PII to store in a new information system
C.
...
Personally Identifiable Information (PII)
v4.0
Which action requires an organization to carry out a Privacy Impact Assessment?
A. Storing paper-based records
B. Collecting PII to store in a new information system
C. Collecting any CUI. including but not limited to PII
D. Collecting PII to store in a National Security System - ANS - B. Collecting PII to store in a
new information system
Which of the following is an example of a physical safeguard that individuals can use to protect
PII? - ANS - All of the above
What is the purpose of a Privacy Impact Assessment (PIA)?
A. Determine whether paper-based records are stored securely
B. Determine whether information must be disclosed according to the Freedom of Information
Act (FOIA)
C. Determine whether the collection and maintenance of PII is worth the risk to individuals
D. Determine whether Protected Health Information (PHI) is held by a covered entity - ANS - C.
Determine whether the collection and maintenance of PII is worth the risk to individuals
T or F? Information that can be combined with other information to link solely to an individual is
considered PII. - ANS - True
What guidance identifies federal information security controls?
A. DoD 5400.11-R: DoD Privacy Program
B. The Freedom of Information Act (FOIA)
C. OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally
Identifiable Information
D. The Privacy Act of 1974 - ANS - C. OMB Memorandum M-17-12: Preparing for and
Responding to a Breach of Personally Identifiable Information
An organization that fails to protect PII can face consequences including:
A. Remediation costs
B. Loss of trust
C. Legal liability
D. All of the above - ANS - D. All of the above
If someone tampers with or steals and individual's PII, they could be exposed to which of the
following?
A. Embarrassment
B. Fraud
C. Identity theft
D. All of the above - ANS - D. All of the above
Which of the following is NOT a permitted disclosure of PII contained in a system of records?
a. The individual has requested that their record be disclosed.
b. The record is disclosed for routine use.
c. All permitted disclosures.
d. The record is disclosed for a new purpose that is not specified in the SORN. - ANS - d. The
record is disclosed for a new purpose that is not specified in the SORN.
Which of the following is not an example of PII?
[Show More]
.png)
.png)
