CIPM - Class & Book (Exam Prep) (Group 11) Questions With 100% Correct Answers.
What is a typical approach to defining the privacy program scope?
- Identify Personal Information Collected & Processed
- Identify in scope privacy & data protection laws and regulations

What should be collected when identifying the personal information collected & processed?
- Who collects, uses and maintains personal information including service providers
- What types of personal information are collected
- Where is the data stored physically
- To whom is the data transferred
- When and how is the data collected
- How long is the data retained and how is it deleted
- What security controls are in place

Legal Models & Protection for U.S. Privacy
- Sectoral Laws: Enactment of Laws that specifically Address a particular industry.
  - Financial Transactions
  - Credit Records
  - Law Enforcement
  - Medical Records
  - Communications

Legal Models & Protection for EU Privacy
- Comprehensive Laws: Govern collection, use and dissemination of personal information in public and private sectors with an official oversight enforcement agency that:
  - Remedies past injustices
  - Promotes electronic commerce
  - Ensures consistency with Pan-European laws

Legal Models & Protection for Australian Privacy
- Co-Regulatory Model: Variant of Comprehensive Model, where industry develops enforcement standards that are overseen by a privacy agency.

Legal Models & Protection for Japan, Singapore
- Self-Regulated Model: Companies use a code of practice by a group of companies known as industry bodies. The online privacy alliance (OPA), TrustArc (formerly Truste), BBBOnline, and Webtrust are examples of this type of model.

Examples of "Other" Privacy Laws
- GLBA - "Covered Entities"
- HIPAA - HealthCare Providers and health plans
- COPPA - Children under the age of 13
- PCI DSS - Any entity that processes cardholder data, has privacy requirements but is largely a security standard.

How many U.S. States currently have breach notification laws?
- 46

What are the main considerations when choosing where a privacy program fits within an organization?
- Influence, Global Scope, Budget, Project Management, Support

What is a Privacy Mission and Vision?
- A message that communicates privacy stance to all stakeholders. It consists of acquiring knowledge of privacy approaches, evaluating the intended objective, and gaining executive sponsor approval.

What are the main elements of a Privacy Mission/Vision statement (1 of 4)
- Value of Privacy to the organization

What are the main elements of a Privacy Mission/Vision statement (2 of 4)
- Organizational Objectives

What are the main elements of a Privacy Mission/Vision statement (3 of 4)
- Strategies to achieve intended outcomes

What are the main elements of a Privacy Mission/Vision statement (4 of 4)
- Roles and Responsibilities

Example of Privacy Mission & Vision
- "The Australian Bankers' Association ('ABA') and its member banks believe that an individual's right to privacy of their personal information is very important (Value of Privacy to the Organization) and are committed to protecting and maintaining the privacy, accuracy and security of an individual's personal and financial information. (Organizational Objectives) Every ABA member bank has a Privacy Policy, which generally can be found on their website home pages"

Example of Privacy Mission & Vision: Part 2
- We respect your privacy and we promise:
  • to implement computer, physical and procedural safeguards to protect the security and confidentiality of the personal data we collect
  • to limit the personal data collected to the minimum required to provide services requested by you (Strategies to achieve intended outcomes)
  • to permit only our properly trained, authorized employees to access personal data (Roles and Responsibilities)
  • not to disclose your personal data to external parties unless you have agreed, we are required by law or we have previously informed you.

A successful approach to determining your Privacy Program Scope (1 of 5)
- Understand end-to-end personal information data lifecycle
Written for
- Institution: CIPM
- Module: CIPM
Document information
- Uploaded on: December 4, 2023
- Number of pages: 5
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers