CIPP/US- Chapter. 3 Exam Questions with Complete Solutions 2023

Legal, Reputational, Operational, and Investment Risks - Answer-The four risks associated with using PI Improperly Four basic steps of information management - Answer-1. Discover- Issue identification and self assessment and determination of best practices 2. Build- Procedure development and verification; full implementation 3. Communicate- Documentation and Education 4. Evolve- Affirmation and monitoring; adaptation Data Classification - Answer-After a data inventory has been performed, companies should make efforts to performs this function to properly classify data according to its level of sensitivity. The different levels should define the clearance of individuals who can access or handle that data, as well as the baseline level of protection that is appropriate for that data. Performing this function helps organizations address compliance audits for a particular type of data, respond to legal discovery requests without producing more information than necessary, and use storage resources in a cost effective manner. Common categories include: confidential, proprietary, sensitive, restricted, and public Document Data Flows - Answer-Once data has been inventoried and classified, organizations should make efforts to perform this function to assist in identifying areas for compliance attention. An organizational chart can be useful to map and document the systems, application and processes handling data. Determine Data Accountability - Answer-Organizations should perform this function due to the significant responsibility it has to to assure compliance with privacy laws and policies. The following questions should be asked: - Where, how and for what length of time is the data stored? -How sensitive is the information? - Should the information be encrypted? - Will the information be transferred to or from other countries, and if so, how will it be transferred? -Who determines the rules that apply to the information? -How is the information to be processes, and how will these processes be maintained? -Is the use of such data dependent upon other systems?