Privacy vision and mission correct answer: Statement of an org concisely communicates stance on privacy to all stakeholders
3 things to create a company vision correct answer: 1. Get knowledge on privacy approaches
2. Evaluate intended objective
3. Get sponsor approval
Elements within a privacy vision correct answer: 1. Value of privacy to the org
2. Org objectives
3. Strategies to achieve intended outcomes
4. Roles/responsibilities
Considerations when developing privacy strategy (3) correct answer: 1. Business alignment
2. Develop a data governance strategy for PI
3. Plan inquiry/complaint handling procedures
Components of data governance (4) correct answer: Collection, access, authorized use, destruction
Structure of privacy team large orgs correct answer: Chief privacy officer, privacy manager, privacy analyst, business line privacy leaders, first responders
Privacy "team" for a small org correct answer: Sole data protection officer
Once strategy is defined, org can move to develop correct answer: privacy program framework
Stuff a privacy program is responsible for (7) correct answer: Education/awareness, monitoring regulation, internal policy compliance, data inventories/flows/classification, PIAs, incident response, remediation, audits
How to implement the privacy program framework (2) correct answer: Communicate to internal/external stakeholders, ensure alignment with laws/regs
Privacy strategy vs framework correct answer: Strategy is the why / goals; Framework is the what / form and structure
Privacy frameworks provide ___________ ________ that guide privacy team through privacy mgmt correct answer: Implementation roadmaps
Benefits of privacy program framework (4) correct answer: Reduce risk, avoid/plan for incidents, sustain market value and rep, provide measurements in compliance with laws and standards
Privacy framework is used loosely to describe 4 things that guide the privacy professional in program mgmt correct answer: Processes, templates, tools, laws/standards
5 things useful for effective policy lifecycle correct answer: 1. Inward facing policies that are simple to understand
2. Get approval from decision makers and stakeholders
3. Socialize policies to all employees
4. Train employees and enforce policies
5. Review/revise policies at least annually, after a breach or when business circumstances change
Privacy governance may be (3 things) correct answer: 1. Localized 2. Centralized 3. Hybrid
Hybrid privacy governance model correct answer: Combines localized and centralized. Most common when large org assigns someone to be responsible for privacy of the rest of the org
Local/decentralized privacy governance correct answer: Decision making is delegated to the lower levels of the org.
Centralized privacy governance correct answer: One team or person is responsible for privacy related affairs. Works best in orgs with single channel functions with planning and decision making
Pros cons of centralized privacy governance correct answer: Pro streamlined, Con individual employees can't make decisions
Pros cons of localized privacy governance correct answer: Pros Bottom to top flow of info, Con lack of centralized effort can cause duplication of efforts
Pros cons of hybrid privacy governance correct answer: Pros offers resources of a larger org, Cons decentralized decision making