Verified CIPP-US Q&As - Pass Guarantee CIPP-US Exam Dumps [Q70-Q91]

Share

Verified CIPP-US Q&As - Pass Guarantee CIPP-US Exam Dumps

Check the Free demo of our CIPP-US Exam Dumps with 194 Questions


Achieving the CIPP-US certification is a valuable asset to any privacy professional looking to advance their career. It demonstrates a commitment to the highest standards of professionalism and ethical conduct in the field of privacy, and validates an individual's expertise and knowledge of US privacy laws and regulations. With the increasing importance of privacy in today's digital age, the demand for certified privacy professionals is growing, making the CIPP-US certification an essential credential for anyone looking to pursue a career in privacy.


The Certified Information Privacy Professional/United States (CIPP/US) certification exam is a globally recognized certification offered by the International Association of Privacy Professionals (IAPP). The IAPP is the largest and most comprehensive global information privacy community and resource, providing a forum for privacy professionals to share best practices, track trends, advance privacy management issues, and share knowledge and expertise.

 

NEW QUESTION # 70
Under the Driver's Privacy Protection Act (DPPA), which of the following parties would require consent of an individual in order to obtain his or her Department of Motor Vehicle information?

  • A. Law enforcement agencies performing investigations.
  • B. Attorneys gathering information related to lawsuits.
  • C. Insurance companies needing to investigate claims.
  • D. Marketers wishing to distribute bulk materials.

Answer: D

Explanation:
The Driver's Privacy Protection Act (DPPA) is a federal law that regulates the disclosure of personal information obtained by state departments of motor vehicles (DMVs). The DPPA prohibits DMVs and other entities that receive such information from DMVs from disclosing it to anyone without the express consent of the individual to whom the information pertains, unless the disclosure falls under one of the 14 exceptions listed in the statute.
Some of the exceptions that allow disclosure of personal information from DMV records without consent are:
* For use by any government agency, including any court or law enforcement agency, in carrying out its functions, or any private person or entity acting on behalf of a government agency in carrying out its functions.
* For use in connection with matters of motor vehicle or driver safety and theft; motor vehicle emissions; motor vehicle product alterations, recalls, or advisories; performance monitoring of motor vehicles, motor vehicle parts and dealers; motor vehicle market research activities, including survey research; and removal of non-owner records from the original owner records of motor vehicle manufacturers.
* For use in the normal course of business by a legitimate business or its agents, employees, or contractors, but only to verify the accuracy of personal information submitted by the individual to the business or its agents, employees, or contractors; and if such information as so submitted is not correct or is no longer correct, to obtain the correct information, but only for the purposes of preventing fraud by, pursuing legal remedies against, or recovering on a debt or security interest against, the individual.
* For use in connection with any civil, criminal, administrative, or arbitral proceeding in any federal, state, or local court or agency or before any self-regulatory body, including the service of process, investigation in anticipation of litigation, and the execution or enforcement of judgments and orders, or pursuant to an order of a federal, state, or local court.
* For use in research activities, and for use in producing statistical reports, so long as the personal information is not published, redisclosed, or used to contact individuals.
* For use by any insurer or insurance support organization, or by a self-insured entity, or its agents, employees, or contractors, in connection with claims investigation activities, antifraud activities, rating or underwriting.
* For use in providing notice to the owners of towed or impounded vehicles.
* For use by any licensed private investigative agency or licensed security service for any purpose permitted under this subsection.
* For use by an employer or its agent or insurer to obtain or verify information relating to a holder of a commercial driver's license that is required under chapter 313 of title 49.
* For use in connection with the operation of private toll transportation facilities.
* For any other use specifically authorized under the law of the state that holds the record, if such use is related to the operation of a motor vehicle or public safety.
None of the exceptions above apply to the use of personal information from DMV records by marketers wishing to distribute bulk materials. Therefore, such use would require the consent of the individual to whom the information pertains, according to the DPPA. Hence, option D is the correct answer.
Option A is incorrect, as law enforcement agencies performing investigations are exempt from the consent requirement under the first exception.
Option B is incorrect, as insurance companies needing to investigate claims are exempt from the consent requirement under the sixth exception.
Option C is incorrect, as attorneys gathering information related to lawsuits are exempt from the consent requirement under the fourth exception.
References:
* [IAPP CIPP/US Study Guide], Chapter 8: Federal Privacy Laws, pp. 181-182.
* CIPP/US Practice Questions (Sample Questions), Question 31.


NEW QUESTION # 71
The CFO of a pharmaceutical company is duped by a phishing email and discloses many of the company's employee personnel files to an online predator. The files include employee contact information, job applications, performance reviews, discipline records, and job descriptions.
Which of the following state laws would be an affected employee's best recourse against the employer?

  • A. The state personnel record review statute.
  • B. The state data destruction statute.
  • C. The state UDAP statute.
  • D. The state social security number confidentiality statute.

Answer: C

Explanation:
The state UDAP statute, which stands for Unfair and Deceptive Acts and Practices, is a law that protects consumers from unfair or deceptive business practices. In this case, the employer's failure to protect the employee's personal information from a phishing attack could be considered an unfair or deceptive act or practice that harmed the employee. The employee could sue the employer under the state UDAP statute for damages, injunctive relief, or other remedies. The other options are not relevant to this scenario, as they deal with different aspects of data protection, such as confidentiality, access, or destruction of personal information. References:
* [IAPP CIPP/US Study Guide], Chapter 8, Section 8.3.1, page 227
* IAPP CIPP/US Practice Questions, Question 153, page 13


NEW QUESTION # 72
California's SB 1386 was the first law of its type in the United States to do what?

  • A. Require commercial entities to disclose a security data breach concerning personal information about the state's residents
  • B. Require encryption of sensitive information stored on servers that are Internet connected
  • C. Require notification of non-California residents of a breach that occurred in California
  • D. Require state attorney general enforcement of federal regulations against unfair and deceptive trade practices

Answer: A

Explanation:
Explanation/Reference: https://corporate.findlaw.com/law-library/california-raises-the-bar-on-data-security-and-privacy.html


NEW QUESTION # 73
SCENARIO
Please use the following to answer the next QUESTION:
Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state's Do Not Call list, as well as the people on it. "If they were really serious about not being bothered," Evan said, "They'd be on the national DNC list. That's the only one we're required to follow. At SunriseLynx, we call until they ask us not to." Bizarrely, Evan requires telemarketers to keep records of recipients who ask them to call "another time." This, to Larry, is a clear indication that they don't want to be called at all. Evan doesn't see it that way.
Larry believes that Evan's arrogance also affects the way he treats employees. The U.S. Constitution protects American workers, and Larry believes that the rights of those at SunriseLynx are violated regularly. At first Evan seemed friendly, even connecting with employees on social media. However, following Evan's political posts, it became clear to Larry that employees with similar affiliations were the only ones offered promotions.
Further, Larry occasionally has packages containing personal-use items mailed to work. Several times, these have come to him already opened, even though this name was clearly marked. Larry thinks the opening of personal mail is common at SunriseLynx, and that Fourth Amendment rights are being trampled under Evan's leadership.
Larry has also been dismayed to overhear discussions about his coworker, Sadie. Telemarketing calls are regularly recorded for quality assurance, and although Sadie is always professional during business, her personal conversations sometimes contain sexual comments. This too is something Larry has heard Evan laughing about. When he mentionedthis to a coworker, his concern was met with a shrug. It was the coworker's belief that employees agreed to be monitored when they signed on. Although personal devices are left alone, phone calls, emails and browsing histories are all subject to surveillance. In fact, Larry knows of one case in which an employee was fired after an undercover investigation by an outside firm turned up evidence of misconduct. Although the employee may have stolen from the company, Evan could have simply contacted the authorities when he first suspected something amiss.
Larry wants to take action, but is uncertain how to proceed.
In what area does Larry have a misconception about private-sector employee rights?

  • A. The strict nature of state law
  • B. The applicability of federal law
  • C. The definition of tort law
  • D. The enforceability of local law

Answer: B

Explanation:
Larry has a misconception about the applicability of federal law to private-sector employee rights. He believes that the U.S. Constitution protects American workers from various forms of discrimination, harassment, and invasion of privacy by their employers. However, the U.S. Constitution only applies to government actions, not private actions, unless there is a specific federal statute that extends constitutional protections to the private sector1. For example, the Civil Rights Act of 1964 prohibits discrimination on the basis of race, color, religion, sex, or national origin by private employers2. The Electronic Communications Privacy Act of 1986 regulates the interception and disclosure of electronic communications by private parties3. The CAN-SPAM Act of 2003 sets the rules for commercial email and gives recipients the right to opt out of receiving unwanted messages4. These are examples of federal laws that apply to private-sector employees, but they do not cover all the situations that Larry faces at SunriseLynx. For instance, there is no federal law that protects private-sector employees from political discrimination or from having their personal mail opened by their employers. Larry may have to rely on state laws or common law torts to seek redress for these violations of his rights. References: 1: Private Sector vs. Public Sector Employee Rights2: [Civil Rights Act of 1964 - Wikipedia] 3: [Electronic Communications Privacy Act - Wikipedia] 4: CAN-SPAM Act: A Compliance Guide for Business : IAPP CIPP/US Certified Information Privacy Professional Study Guide, Chapter 5:
Federal Trade Commission and Consumer Privacy, p. 141-142


NEW QUESTION # 74
Under state breach notification laws, which is NOT typically included in the definition of personal information?

  • A. First and last name
  • B. State identification number
  • C. Social Security number
  • D. Medical Information

Answer: A

Explanation:
Under state breach notification laws, personal information is typically defined as an individual's first name or first initial and last name plus one or more other data elements, such as Social Security number, state identification number, account number, medical information, etc. However, first and last name alone are not usually considered personal information, unless they are combined with other data elements that could identify the individual or compromise their security or privacy. Therefore, option B is the correct answer, as it is not typically included in the definition of personal information under state breach notification laws. References: https://www.ncsl.org/technology-and-communication/security-breach-notification-lawshttps://


NEW QUESTION # 75
Acme Student Loan Company has developed an artificial intelligence algorithm that determines whether an individual is likely to pay their bill or default. A person who is determined by the algorithm to be more likely to default will receive frequent payment reminder calls, while those who are less likely to default will not receive payment reminders.
Which of the following most accurately reflects the privacy concerns with Acme Student Loan Company using artificial intelligence in this manner?

  • A. If the algorithm makes automated decisions based on risk factors and public information, Acme need not determine if the algorithm has a disparate impact on protected classes.
  • B. If the algorithm uses information about protected classes to make automated decisions, Acme must ensure that the algorithm does not have a disparate impact on protected classes in the output.
  • C. If the algorithm uses risk factors that impact the automatic decision engine. Acme must ensure that the algorithm does not have a disparate impact on protected classes in the output.
  • D. If the algorithm's methodology is disclosed to consumers, then it is acceptable for Acme to have a disparate impact on protected classes.

Answer: A


NEW QUESTION # 76
SCENARIO
Please use the following to answer the next question :
You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A. HealthCo is a HIPAA-covered entity that provides healthcare services to more than 100,000 patients. A third-party cloud computing service provider, CloudHealth, stores and manages the electronic protected health information (ePHI) of these individuals on behalf of HealthCo. CloudHealth stores the data in state B. As part of HealthCo's business associate agreement (BAA) with CloudHealth, HealthCo requires CloudHealth to implement security measures, including industry standard encryption practices, to adequately protect the data. However, HealthCo did not perform due diligence on CloudHealth before entering the contract, and has not conducted audits of CloudHealth's security measures.
A CloudHealth employee has recently become the victim of a phishing attack. When the employee unintentionally clicked on a link from a suspicious email, the PHI of more than 10,000 HealthCo patients was compromised. It has since been published online. The HealthCo cybersecurity team quickly identifies the perpetrator as a known hacker who has launched similar attacks on other hospitals - ones that exposed the PHI of public figures including celebrities and politicians.
During the course of its investigation, HealthCo discovers that CloudHealth has not encrypted the PHI in accordance with the terms of its contract. In addition, CloudHealth has not provided privacy or security training to its employees. Law enforcement has requested that HealthCo provide its investigative report of the breach and a copy of the PHI of the individuals affected.
A patient affected by the breach then sues HealthCo, claiming that the company did not adequately protect the individual's ePHI, and that he has suffered substantial harm as a result of the exposed data. The patient's attorney has submitted a discovery request for the ePHI exposed in the breach.
What is the most effective kind of training CloudHealth could have given its employees to help prevent this type of data breach?

  • A. Training on the terms of the contractual agreement with HealthCo
  • B. Training on the difference between confidential and non-public information
  • C. Training on techniques for identifying phishing attempts
  • D. Training on CloudHealth's HR policy regarding the role of employees involved data breaches

Answer: C


NEW QUESTION # 77
All of the following organizations are specified as covered entities under the Health Insurance Portability and Accountability Act (HIPAA) EXCEPT?

  • A. Healthcare providers
  • B. Health plans
  • C. Healthcare information clearinghouses
  • D. Pharmaceutical companies

Answer: A

Explanation:
* The Privacy Act of 1974 is a federal law that regulates the collection, use, and disclosure of personal information by federal agencies.
* The Privacy Act of 1974 applies to records that are maintained in a system of records, which is defined as a group of records under the control of an agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifier assigned to the individual.
* The Privacy Act of 1974 grants individuals the right to access and amend their records, and requires agencies to provide notice of their systems of records, establish safeguards for the protection of the records, and limit the disclosure of the records to certain authorized purposes.
* The Privacy Act of 1974 also establishes civil and criminal penalties for violations of the law, such as unauthorized disclosure, failure to publish a notice, or refusal to grant access or amendment.
* The Privacy Act of 1974 does NOT require agencies to obtain the consent of the individual before collecting their personal information. However, the Privacy Act of 1974 does require agencies to inform the individual of the authority for the collection, the purpose and use of the collection, and the effects of not providing the information.
References: : [Overview of the Privacy Act of 1974]


NEW QUESTION # 78
Even when dealing with an organization subject to the CCPA, California residents are NOT legally entitled to request that the organization do what?

  • A. Delete their personal information.
  • B. Correct their personal information.
  • C. Refrain from selling their personal information to third parties.
  • D. Disclose their personal information to them.

Answer: B


NEW QUESTION # 79
According to FERPA, when can a school disclose records without a student's consent?

  • A. If the disclosure is to provide transcripts to a school where a student intends to enroll
  • B. If the disclosure is not to be conducted through email to the third party
  • C. If the disclosure is to practitioners who are involved in a student's health care
  • D. If the disclosure would not reveal a student's student identification number

Answer: A

Explanation:
Explanation/Reference: https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html


NEW QUESTION # 80
SuperMart is a large Nevada-based business that has recently determined it sells what constitutes "covered information" under Nevada's privacy law, Senate Bill 260. Which of the following privacy compliance steps would best help SuperMart comply with the law?

  • A. Implementing internal protocols for handling access and deletion requests.
  • B. Preparing a notice of financial incentive for any loyalty programs offered to its customers.
  • C. Providing a mechanism for consumers to opt out of sales.
  • D. Reviewing its vendor contracts to ensure that the vendors are subject to service provider restrictions.

Answer: C

Explanation:
SB 260 relates to consumer ability to opt-out of PII sales by data brokers. https://www.leg.state.nv.us/App/NELIS/REL/81st2021/Bill/7805/Text


NEW QUESTION # 81
Privacy Is Hiring Inc., a CA-based company, is an online specialty recruiting firm focusing on placing privacy professionals in roles at major companies. Job candidates create online profiles outlining their experience and credentials, and can pay $19.99/month via credit card to have their profiles promoted to potential employers. Privacy Is Hiring Inc. keeps all customer data at rest encrypted on its servers.
Under what circumstances would Privacy Is Hiring Inc., need to notify affected individuals in the event of a data breach?

  • A. If the personal information stolen included the individuals' names and credit card pin numbers.
  • B. If Privacy Is Hiring Inc., reasonably believes that job candidates will be harmed by the data breach.
  • C. If law enforcement has completed its investigation and has authorized Privacy Is Hiring Inc. to provide the notification to clients and applicable regulators.
  • D. If the job candidates' credit card information and the encryption keys were among the information taken.

Answer: D

Explanation:
Under the California Consumer Privacy Act (CCPA), a business that collects personal information of California residents must notify them of a data breach if their personal information is subject to unauthorized access and exfiltration, theft, or disclosure as a result of the business's violation of the duty to implement and maintain reasonable security procedures and practices. However, the CCPA excludes encrypted or redacted personal information from the definition of personal information, unless the encryption key or security credential is also compromised. Therefore, Privacy Is Hiring Inc. would need to notify the affected individuals only if the encryption keys were also taken along with the credit card information, as this would render the encryption ineffective and expose the personal information to unauthorized access. The other options are not relevant to the CCPA notification requirement, although they may be relevant to other laws or best practices. References: CCPA (Section 1798.150), IAPP CIPP/US Study Guide (p. 63-64)


NEW QUESTION # 82
SCENARIO
Please use the following to answer the next QUESTION:
A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer's data handling practices.
The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her withdrawal of consent and request for erasure of her personal data. Your organization, the US-based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: "Please act immediately by identifying all personal data received from our company." This is an important partnership. Company executives know that its biggest fans come from Western Europe; and this retailer is primarily responsible for the startup's rapid market penetration.
As the Company's data privacy leader, you are sensitive to the criticality of the relationship with the retailer.
At this stage of the investigation, what should the data privacy leader review first?

  • A. The text of the original complaint
  • B. Available data flow diagrams
  • C. The company's data privacy policies
  • D. Prevailing regulation on this subject

Answer: B

Explanation:
Data flow diagrams are graphical representations of how data moves within an organization or between different entities. They can help identify the sources, destinations, and processing of personal data, as well as the legal basis, retention periods, and security measures for each data flow. Reviewing the available data flow diagrams can help the data privacy leader to quickly and accurately respond to the urgent request from the EU- based retail partner, as well as to assess the potential risks and compliance gaps in the data transfer process.
Data flow diagrams are also a key component of data protection impact assessments (DPIAs), which are required by the GDPR for high-risk processing activities. References:
* IAPP CIPP/US Body of Knowledge, Section II, A, 2
* [IAPP CIPP/US Study Guide, Chapter 2, Section 2.3]
* [GDPR, Article 35]


NEW QUESTION # 83
Federal laws establish which of the following requirements for collecting personal information of minors under the age of 13?

  • A. Affirmative consent of a parent or guardian before collecting personal information of a minor offline (e.g., in person), which also satisfies any requirements for online consent.
  • B. Affirmative consent from a minor's parent or guardian before collecting the minor's personal information online.
  • C. Implied consent from a minor's parent or guardian, or affirmative consent from the minor.
  • D. Implied consent from a minor's parent or guardian before collecting a minor's personal information online, such as when they permit the minor to use the internet.

Answer: B

Explanation:
The Children's Online Privacy Protection Act (COPPA) is a federal law that regulates the online collection and use of personal information from children under 13 years of age. COPPA requires operators of websites or online services that are directed to children, or that knowingly collect personal information from children, to obtain verifiable parental consent before collecting, using, or disclosing such information. Verifiable parental consent means any reasonable effort (taking into consideration available technology) to ensure that before personal information is collected from a child, the child's parent receives notice of the operator's information practices and consents to those practices. COPPA also imposes other obligations on operators, such as providing parents with access to their children's information, maintaining reasonable security measures, and limiting data retention. References: COPPA, IAPP CIPP/US Study Guide, Chapter 2, Section 2.3.1


NEW QUESTION # 84
Even when dealing with an organization subject to the CCPA, California residents are NOT legally entitled to request that the organization do what?

  • A. Delete their personal information.
  • B. Disclose their personal information to them.
  • C. Correct their personal information.
  • D. Refrain from selling their personal information to third parties.

Answer: B

Explanation:
https://oag.ca.gov/privacy/ccpa


NEW QUESTION # 85
SCENARIO
Please use the following to answer the next QUESTION
Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop. "Doing your homework?" Matt asked hopefully.
"No," the boy said. "I'm filling out a survey."
Matt looked over his son's shoulder at his computer screen. "What kind of survey?" "It's asking QUESTIONs about my opinions."
"Let me see," Matt said, and began reading the list of
QUESTION s that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten." Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.
To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his name, address, telephone number, and date of birth, and to answer QUESTIONs about his favorite games and toys.
Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and he decided it was time to report the incident to the proper authorities.
Depending on where Matt lives, the marketer could be prosecuted for violating which of the following?

  • A. Unfair and Deceptive Acts and Practices laws.
  • B. Consumer Bill of Rights.
  • C. Red Flag Rules.
  • D. Investigative Consumer Reporting Agencies Act.

Answer: A


NEW QUESTION # 86
Which of the following does Title VII of the Civil Rights Act prohibit an employer from asking a job applicant?

  • A. Questions about a national origin
  • B. Questions about intended pregnancy
  • C. Questions about a disability
  • D. Questions about age

Answer: B

Explanation:
Title VII of the Civil Rights Act of 1964 is a federal law that prohibits employment discrimination based on race, color, religion, sex, and national origin1 It also prohibits retaliation against individuals who assert their rights under the law or participate in an EEOC investigation1 Title VII applies to employers with 15 or more employees, as well as to employment agencies, labor organizations, and joint labor-management committees1 Title VII prohibits employers from making pre-employment inquiries that express a preference, limitation, or specification based on any of the protected characteristics, unless they are bona fide occupational qualifications (BFOQs)2 BFOQs are rare and narrowly construed exceptions that allow employers to consider a protected characteristic when it is reasonably necessary to the normal operation of the business2 For example, a religious organization may require its employees to share its faith, or a women's shelter may hire only female counselors2 Option A is incorrect because questions about age are not prohibited by Title VII, but by the Age Discrimination in Employment Act of 1967 (ADEA), which protects individuals who are 40 years of age or older from employment discrimination based on age3 The ADEA generally prohibits employers from asking applicants about their age or date of birth, unless age is a BFOQ or the inquiry is part of a lawful affirmative action plan3 Option B is incorrect because questions about a disability are not prohibited by Title VII, but by the Americans with Disabilities Act of 1990 (ADA), which protects qualified individuals with disabilities from employment discrimination based on disability4 The ADA generally prohibits employers from asking applicants about whether they have a disability or the nature or severity of a disability, unless the inquiry is related to the ability to perform the essential functions of the job with or without reasonable accommodation4 Option C is incorrect because questions about a national origin are prohibited by Title VII, but not in all circumstances. Title VII prohibits employers from asking applicants about their national origin, ancestry, birthplace, native language, or accent, unless they are BFOQs or the inquiry is related to a legitimate business purpose, such as verifying eligibility to work in the United States or assessing language proficiency for a job that requires communication skills25 Option D is correct because questions about intended pregnancy are prohibited by Title VII, as amended by the Pregnancy Discrimination Act of 1978 (PDA), which protects women from employment discrimination based on pregnancy, childbirth, or related medical conditions. The PDA prohibits employers from asking applicants about whether they are pregnant or intend to become pregnant, unless they are related to the ability to perform the job. Such questions may indicate an intent to discriminate based on sex or pregnancy, or may deter women from applying for certain jobs.
References: 1: Title VII of the Civil Rights Act of 1964 | U.S. Equal Employment Opportunity Commission 2: Questions and Answers about Race and Color Discrimination in Employment | U.S. Equal Employment Opportunity Commission 3: Age Discrimination | U.S. Equal Employment Opportunity Commission 4: Disability Discrimination | U.S. Equal Employment Opportunity Commission 5: National Origin Discrimination | U.S. Equal Employment Opportunity Commission : Pregnancy Discrimination | U.S.
Equal Employment Opportunity Commission


NEW QUESTION # 87
SCENARIO
Please use the following to answer the next QUESTION:
Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop.
"Doing your network?" Matt asked hopefully.
"No," the boy said. "I'm filling out a survey."
Matt looked over his son's shoulder at his computer screen. "What kind of survey?" "It's asking Questions about my opinions."
"Let me see," Matt said, and began reading the list of Questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten." Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.
To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his name, address, telephone number, and date of birth, and to answer Questions about his favorite games and toys.
Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and he decided it was time to report the incident to the proper authorities.
How does Matt come to the decision to report the marketer's activities?

  • A. The marketer seems to have distributed his son's information without Matt's permission
  • B. The marketer failed to make an adequate attempt to provide Matt with information
  • C. The marketer failed to identify himself and indicate the purpose of the messages
  • D. The marketer did not provide evidence that the prize books were appropriate for children

Answer: A

Explanation:
Matt's decision to report the marketer's activities is based on his suspicion that the marketer violated the Children's Online Privacy Protection Act (COPPA), which is a federal law that regulates the online collection, use, and disclosure of personal information from children under 13 years of age1. According to COPPA, operators of websites or online services that are directed to children or knowingly collect personal information from children must:
* Provide notice to parents about their information practices and obtain verifiable parental consent before collecting, using, or disclosing personal information from children12.
* Give parents the choice of consenting to the operator's collection and internal use of a child's information, but prohibiting the operator from disclosing that information to third parties (unless disclosure is integral to the site or service, in which case, this must be made clear to parents)12.
* Provide parents access to their child's personal information to review and/or have the information deleted and give parents the opportunity to prevent further use or online collection of a child's personal information12.
* Maintain the confidentiality, security, and integrity of information they collect from children, including by taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security12.
* Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use12.
* Establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children12.
In Matt's case, he did not receive any notice from the marketer about the survey or the contest, nor did he give his consent for the collection or disclosure of his son's personal information. He also did not have any access or control over his son's information or the ability to prevent further use or collection. Moreover, he noticed that his son's information seemed to have been shared with other marketers, as evidenced by the commercial emails in his son's inbox. These actions indicate that the marketer did not comply with COPPA's requirements and may have exposed his son's information to unauthorized or inappropriate parties. Therefore, Matt decided to report the marketer's activities to the proper authorities, such as the Federal Trade Commission (FTC), which enforces COPPA and can impose civil penalties for violations13. References: 1: Children's Online Privacy Protection Act | Federal Trade Commission, 1. 2: 16 CFR Part 312 - Children's Online Privacy Protection Rule, 3. 3: Children's Online Privacy Protection Act - Wikipedia, 2.


NEW QUESTION # 88
What is a legal document approved by a judge that formalizes an agreement between a governmental agency and an adverse party called?

  • A. Stare decisis decree
  • B. A consent decree
  • C. A judgment rider
  • D. Common law judgment

Answer: B


NEW QUESTION # 89
Which of the following best describes private-sector workplace monitoring in the United States?

  • A. Judgments in private lawsuits have severely limited the monitoring of employees
  • B. Most employees are protected from workplace monitoring by the U.S. Constitution
  • C. Employers have broad authority to monitor their employees
  • D. U.S. federal law restricts monitoring only to industries for which it is necessary

Answer: C

Explanation:
In the United States, there is no comprehensive federal law that regulates employee monitoring in the private sector. Instead, there are various federal and state laws that address specific aspects of monitoring, such as electronic communications, video surveillance, GPS tracking, and biometric data. Generally, these laws provide more protection for employees' privacy when they are using their own devices or personal accounts, or when they are outside of work hours or premises. However, when employees are using company-owned devices or accounts, or when they are performing work-related tasks, employers have broad authority to monitor their activities, as long as they have a legitimate business interest and do not violate any specific laws. Employers are also advised to inform employees of their monitoring practices and obtain their consent, either explicitly or implicitly, to avoid potential legal disputes or employee backlash123 References: https://www.jibble.io/article/us-employee-monitoring
https://www.worktime.com/most-asked-questions-on-us-employee-monitoring-laws


NEW QUESTION # 90
Which of the following best describes how federal anti-discrimination laws protect the privacy of private-sector employees in the United States?

  • A. They promote a workforce of employees with diverse skills and interests.
  • B. They limit the types of information that employers can collect about employees.
  • C. They prescribe working environments that are safe and comfortable.
  • D. They limit the amount of time a potential employee can be interviewed.

Answer: C


NEW QUESTION # 91
......

Get professional help from our CIPP-US Dumps PDF: https://www.prepawayexam.com/IAPP/braindumps.CIPP-US.ete.file.html

Clear your concepts with CIPP-US Questions Before Attempting Real exam: https://drive.google.com/open?id=1vVThGa8vRo7t3DCaIb9MZWscFYM5hgW1