Accountability - correct answers A fair information practices principle, it is the
idea that when personal information is to be transferred to another person or
organization, the personal information controller should obtain the consent of
the individual or exercise due diligence and take reasonable steps to ensure
that the recipient person or organization will protect the information
consistently with other fair use principles.
Active Scanning Tools - correct answers DLP network, storage, scans and
privacy tools can be used to identify security and privacy risks to personal
information. They can also be used to monitor for compliance with internal
policies and procedures, and block e-mail or file transfers based on the data
category and definitions.
American Institute of Certified Public Accountants
AICPA - correct answers A U.S. professional organization of certified public
accountants and co-creator of the WebTrust seal program
APEC Privacy Principles - correct answers A set of non-binding principles
adopted by the Asia-Pacific Economic Cooperative (APEC) that mirror the
OECD Fair Information Privacy Practices. Though based on OECD
Guidelines, they seek to promote electronic commerce throughout the Asia-
Pacific region by balancing information privacy with business needs.
Assess - correct answers The first of four phases of the privacy operational
life cycle; provides the steps, checklists and processes necessary to assess
any gaps in a privacy program as compared to industry best practices,
corporate privacy policies, applicable privacy laws, and objective-based
privacy program frameworks.
Audit Life Cycle - correct answers High-level, five-phase audit approach. The
steps include: Audit Planning; Audit Preparation; Conducting the Audit;
Reporting; and Follow-up.
Bureau of Competition - correct answers One of the United States' Federal
Trade Commission's three principal groups relevant to privacy oversight;
investigates and attempts the prevention of anticompetitive business
practices, such as monopolies, price-fixing and similar regulatory violations,
which may negatively affect commercial competition.
Bureau of Consumer Protection - correct answers One of the United States'
Federal Trade Commission's three principal groups relevant to privacy
oversight; protects consumers against deceptive and/or unfair business
practices. Included under the FTC mandate are deceptive advertising and
fraudulent product and/or service claims.
Bureau of Economics - correct answers One of the United States' Federal
Trade Commission's three principal groups relevant to privacy oversight;
works in accord with the Bureau of Competition to study the effects of FTC
lawmaking initiatives and of existing law.
Business case - correct answers The starting point for assessing the needs of
the privacy organization, it defines the individual program needs and the ways
to meet specific business goals, such as compliance with privacy laws or
regulations, industry frameworks, customer requirements and other
considerations.
Business Continuity and Disaster Recovery Plan - correct answers A risk
mitigation plan designed to prepare an organization for crises and to ensure
critical business functions continue. The focus is to recover from a disaster
when disruptions of any size are encountered.
Business Continuity Plan - correct answers The business continuity plan is
typically drafted and maintained by key stakeholders, spelling out
departmental responsibilities and actions teams must take before, during and
after an event in order to help operations run smoothly. Situations covered in
a BCP often include fire, flood, natural disasters (tornadoes and hurricanes),
and terrorist attack.
C-I-A Triad - correct answers Also known as information security triad; three
common information security principles from the 1960s: Confidentiality,
integrity, availability.
Canadian Institute of Chartered Accountants - correct answers The Canadian
Institute of Chartered Accountants (CICA), in partnership with the provincial
and territorial institutes, is responsible for the functions that are critical to the
success of the Canadian CA profession. CICA, pursuant to the 2006 Protocol,
is entrusted with the responsibility for providing strategic leadership,
co-ordination of common critical functions of strategic planning, protection of the
public and ethics, education and qualification, standard setting and
communications.
Centralized governance - correct answers Privacy governance model that
leaves one team or person responsible for privacy-related affairs; all other
persons or organizations will flow through this point.
Children's Online Privacy Protection Act (COPPA) of 1998 - correct answers A
U.S. federal law that applies to the operators of commercial websites and
online services that are directed to children under the age of 13. It also applies
to general audience websites and online services that have actual knowledge
that they are collecting personal information from children under the age of 13.
COPPA requires these website operators: to post a privacy policy on the
homepage of the website; provide notice about collection practices to parents;
obtain verifiable parental consent before collecting personal information from
children; give parents a choice as to whether their child's personal information
will be disclosed to third parties; provide parents access and the opportunity to