Privacy professionals - ANSWER-Responsible for a company's overall privacy program.
They define the privacy policies, standards, guidelines, auditing and controls. They
ensure people are trained on privacy policies, and they manage relationships with
internal and external data handlers.
Information security professionals - ANSWER-Responsible for ensuring all data
assets, including personal information, are appropriately safeguarded. They define
information security policies, standards, guidelines, auditing and controls. They make
sure people are trained on information security policies.
Company executives - ANSWER-empower privacy programs through their words and
actions.
Lawyers - ANSWER-create privacy statements, write contracts, ensure compliance with
laws and regulations and address formal inquiries from regulators.
Marketers - ANSWER-develop email campaigns and web content. They handle
customer information gathered from online registrations and face-to-face events.
Public relations personnel - ANSWER-promote a company's commitment to privacy,
communicate responses to privacy incidents, and help minimize any backlash from the
incident.
Human resources personnel - ANSWER-are responsible for keeping employee
information confidential.
All employees - ANSWER-Act as privacy ambassadors and are responsible for ensuring the
organization's privacy policies are followed.
Internal standards - ANSWER-Should be in place to cover the proper classification,
collection, storage, usage, sharing and disposal of data.
Training - ANSWER-Should cover proper notification, collection, storage, access,
processing, sharing and retention procedures for data.
Privacy - ANSWER-The "what" of data protection. It governs policies for the entire data
lifecycle including collection, usage, sharing and retention. Provides the strategy.
Information Security - ANSWER-The "how" of data protection. It protects the
confidentiality, integrity and availability of data by restricting physical and logical access
to sensitive information during its collection, storage, and transmission. Provides the
tactics.
Privacy Impact Assessment (PIA) - ANSWER-A risk management tool you can use to
help develop and advance your strategy by identifying gaps in privacy coverage and
determining how to address them.
Why perform a PIA? - ANSWER-to verify that a new or existing product, service, data
handling practice or other business process adheres to all appropriate privacy laws,
regulations, self-regulatory commitments and organizational policies.
When to perform a PIA? - ANSWER-Early in the project, and again whenever the way data
is handled changes or there is a significant change to your environment.
Four Stages of execution for PIA - ANSWER-Preparation
Data Analysis
Privacy Assessment
Reporting
Fingerprinting - ANSWER-Used to build profiles of users based on the websites they
visit — profiles that shape which ads, news articles, or other types of content are
displayed to them.
Privacy Notice - Gaining access to data - ANSWER-This section of a privacy notice
should explain how users can access the data an org holds on them.
Privacy Notice - Resolving privacy issues - ANSWER-This section of a privacy notice
should describe how users can resolve privacy issues they may have. Contact options
should include email, postal address and phone, plus an option to escalate to a 3rd party
org that resolves disputes via arbitration or self-regulation.
Privacy Notice - Date of privacy notice - ANSWER-This section of a privacy notice
should display the date the privacy notice was released. Displayed prominently.
Preparation Phase - ANSWER-An initial analysis is performed to determine whether a
PIA is required by law or as a best practice. Staffing resources are identified, and
timelines are drafted for completing both the initial analysis and the PIA.
Data Analysis Phase - ANSWER-During this stage, the handling of personal information
is analyzed and documented. A data flow diagram can be helpful in documenting where
data is collected, which teams within the organization get access to it, and whether it is
shared externally.
Privacy Assessment Phase - ANSWER-Stage during which risks and vulnerabilities to
privacy, including legal and regulatory requirements, are identified and documented.
Reporting Phase - ANSWER-Phase where discovered risks and vulnerabilities are
evaluated and remedies are identified. The rationale for the selected
courses of action is documented in the report.
Privacy Policy - ANSWER-a guiding set of principles intended to help the people in your
organization understand and manage any privacy obligations they encounter in their
daily work.
Privacy Policies should cover: - ANSWER-• the types of data classification to use
• data collection principles
• how to protect data
• data retention periods
• the treatment of sensitive data
• sharing of data across departments and with partners or vendors
• the creation of departmental privacy policies
• the performance of privacy reviews
• participation in a privacy response center
• responding to privacy inquiries
• responding to data requests
Data handling activities - ANSWER-Must be consistent with the commitments made within
your organization's privacy notice.
Privacy notices - ANSWER-inform website visitors about requirements regarding the
use of the website. They also spell out the organization's standards for use of the
consumer's personal information.
Privacy Notice - What data is collected? - ANSWER-This section of a privacy notice
should state what data is collected (and, by extension, what data is NOT collected),
distinguishing data declared directly by users, data observed, and data inferred, as well
as data obtained from 3rd parties.
Privacy Notice - How collected data is used? - ANSWER-This section of a privacy
notice should provide a general description of data usage, including how the data may
be used by all groups across the organization, as well as any 3rd party usage.
Privacy Notice - How collected data is shared? - ANSWER-This section of a privacy
notice should cover how data is shared, not only outside the org but also with which
teams across the organization. Any law enforcement or regulatory requirements to share
data should be described here.
Privacy Notice - User control over collected data? - ANSWER-This section of a privacy
notice should describe how users can control the collection and use, including sharing,
of their data. Users should have some control over how their data is used.