CIPP US Data Breach Law and
Enforcement Exam Question and
Answers
At the federal level, which agencies engage in regulatory activities concerning the
private sector? - Answer-FTC, federal banking regulatory agencies (Consumer Financial
Protection Bureau, Federal Reserve, Office of the Comptroller of the Currency), the
FCC, DOT, Dept. of Health and Human Services through its Office for Civil Rights.
What role does the Department of Commerce play in privacy? - Answer-The DOC
doesn't have regulatory authority for privacy, but often plays a role in privacy policy for
the executive branch.
What authority does the FTC have re: privacy in the private sector? - Answer-General
authority to enforce against "unfair and deceptive trade practices."
In which areas does the FTC have specific regulatory authority? - Answer-1. marketing
communications;2. children's privacy
Who brings privacy-related enforcement actions at the state level? - Answer-State
Attorneys General
On what basis are state privacy enforcement actions brought? - Answer-pursuant to
state laws prohibiting unfair and deceptive practices.
What role does the State Attorney General serve? - Answer-Serves as the chief legal
advisor to the state government and as the state's chief law enforcement officer
Which states have successfully pursued privacy actions related to unfair and deceptive
practices? - Answer-Minnesota and Washington.
Give examples of self-regulatory regimes. - Answer-Network Advertising Initiative,
Direct Marketing Association, Children's Advertising Review Unit.
True/false: some trade associations issue rules or codes of conduct for members. -
Answer-True.
Give an example of a regulatory setting where government-created rules expect
companies to sign up for self-regulatory oversight. - Answer-The Safe Harbor for
companies that transfer personal information from the EU to the US.
What six questions are necessary to understand a law, statute, or regulation? - Answer-
1. Who is covered by this law 2. What types of information (and what uses of
Enforcement Exam Question and
Answers
At the federal level, which agencies engage in regulatory activities concerning the
private sector? - Answer-FTC, federal banking regulatory agencies (Consumer Financial
Protection Bureau, Federal Reserve, Office of the Comptroller of the Currency), the
FCC, DOT, Dept. of Health and Human Services through its Office for Civil Rights.
What role does the Department of Commerce play in privacy? - Answer-The DOC
doesn't have regulatory authority for privacy, but often plays a role in privacy policy for
the executive branch.
What authority does the FTC have re: privacy in the private sector? - Answer-General
authority to enforce against "unfair and deceptive trade practices."
In which areas does the FTC have specific regulatory authority? - Answer-1. marketing
communications;2. children's privacy
Who brings privacy-related enforcement actions at the state level? - Answer-State
Attorneys General
On what basis are state privacy enforcement actions brought? - Answer-pursuant to
state laws prohibiting unfair and deceptive practices.
What role does the State Attorney General serve? - Answer-Serves as the chief legal
advisor to the state government and as the state's chief law enforcement officer
Which states have successfully pursued privacy actions related to unfair and deceptive
practices? - Answer-Minnesota and Washington.
Give examples of self-regulatory regimes. - Answer-Network Advertising Initiative,
Direct Marketing Association, Children's Advertising Review Unit.
True/false: some trade associations issue rules or codes of conduct for members. -
Answer-True.
Give an example of a regulatory setting where government-created rules expect
companies to sign up for self-regulatory oversight. - Answer-The Safe Harbor for
companies that transfer personal information from the EU to the US.
What six questions are necessary to understand a law, statute, or regulation? - Answer-
1. Who is covered by this law 2. What types of information (and what uses of
