CIPP/U.S. Practice Questions
Which is the best description of the U.S. legal concept of "preemption"? - ANS - The superior
government has the right to supersede the lesser government's laws. The lesser government
cannot pass a law that is inconsistent with the superior government's law.
What is one reason consent decrees are posted publicly on the FTC website? - ANS - to provide
guidance about what practices the FTC finds inappropriate
Which of the following is considered an acceptable method for U.S.-based multinational
transportation companies to achieve compliance with the EU Data Protection Directive? - ANS -
binding corporate rules
Which statement is true regarding transfers of personal information to locations outside of the
U.S.? - ANS - U.S. laws generally do not restrict geographic transfers of personal information.
What is the primary basis of common law? - ANS - legal precedent and social customs.
What should a U.S.-based organization do before it shares personal information with a U.S.-
based third party? - ANS - assure appropriate privacy terms and conditions are included in a
contract with the third party
What is the role of a U.S.-based software-as-a-service provider that stores employee personal
data for a global company headquartered in the U.S. with subsidiaries in the EU? - ANS - data
processor
Which federal agency has specific statutory responsibility for issues such as children's privacy
online and commercial email marketing? - ANS - Federal Trade Commission
Under the Children's Online Privacy Protection Act, which is an accepted means for an
organization to validate parental consent when it intends to disclose a child's information to a
third party? - ANS - Email a consent form. The parent can provide consent by signing and
mailing back the form.
In addition to the Security Rule, what other rule was promulgated by Health and Human Services
and mandated by the Health Insurance Portability and Accountability Act? - ANS - Privacy Rule
Which of the following examples best illustrates the concept of "consumer report" for pre-employment screening as defined under the U.S. Fair Credit Reporting Act? - ANS - driving
history obtained from an information aggregator
Which of the statements about the requirements for privacy under the U.S. Gramm-Leach-Bliley
Act (GLBA) is true? - ANS - Financial institutions can share customer information with nonaffiliated third-party companies without obtaining an opt-in from the customer.
What does the "red flags rule" require of financial institutions? - ANS - They must develop and
implement methods of detecting identity theft.
The "Digital Telephony Bill" is another name for which legislation? - ANS - U.S.
Communications Assistance to Law Enforcement Act
Which condition must be met to satisfy the Right to Financial Privacy Act requirements for
disclosure of individual records by financial institutions? - ANS - The financial records are
reasonably described.
Which U.S. state requires daily electronic notice in order for an employer to monitor or intercept
electronic mail? - ANS - Delaware
Under the USA PATRIOT Act and its amendments, which statement is correct concerning
National Security Letters (NSL)? - ANS - An organization receiving an NSL may disclose the
request to an attorney for legal assistance.
Which investigative tactic requires probable cause and other requirements, such as exhausting
alternative means of acquiring the evidence? - ANS - telephone wiretap
Based on Aérospatiale v. S.D. of Iowa, which is NOT a factor American courts will use to
reconcile a conflict between U.S. and foreign law regarding electronic discovery requests? -
ANS - whether counsel for both parties are based in the U.S.
What changes did the FISA Amendments Act of 2008 make to the original Foreign Intelligence
Surveillance Act of 1978? - ANS - legal authorization of some new surveillance practices
Which two actions are required under the Fair Credit Reporting Act in order for an employer to
obtain a consumer report on a job applicant? - ANS - obtain applicant's written consent and
provide applicant with a copy of the credit report before taking an adverse action
All of the following are considered acceptable reasons for sharing records of U.S. employees
with third parties without obtaining the consent of the employees except: - ANS - test marketing
the company's new products
All of the following are considered acceptable lines of questioning by U.S. employers to
applicants in the pre-employment process except: - ANS - questions on whether an applicant has
applied for or received worker's compensation
In terms of U.S. employees' workplace privacy rights, all of the following are acceptable
monitoring techniques available to employers except: - ANS - secret surveillance
All of the following are valid privacy protection procedures when terminating an employee who
has access to sensitive personal information except: - ANS - asking the employee to sign the
privacy policy immediately before conducting the exit interview
Security laws in U.S. states often restrict: - ANS - the display of Social Security numbers on
identification cards
For those states that have security breach notification requirements, what general information
must the breach-of-personally-identifiable-information notification letter to the individual
include? - ANS - brief description of the incident, type of information involved, and a toll-free
number for answers to questions
The act of video monitoring the workplace is likely to survive a legal challenge under U.S. law
provided that: - ANS - monitoring is limited to "non-private" areas of the workplace
The loss of names and what other data point would require an employer to notify affected
individuals? - ANS - Social Security numbers
If a company located in Massachusetts maintains all of its employees' personal information in a
hosted online database in Florida, what must the third-party service provider agree to? - ANS - a
confidentiality provision