CIPP/US exam study guide questions and answers already graded A+

Contract Law requirements offer, acceptance, consideration Common Law Legal principals which have developed over time HITECH breach notification - individual notice determine risk of harm, if significant, must notify individuals within 60 days HITECH breach notification - HHS notice >500 records notify immediately HITECH breach notification - HHS notice < 500 records notify annually HITECH breach notification - media >500 records in same jurisdiction General Torts Intentional, Negligent, Strict Liability Types of Litigation Civil, Criminal, Administrative enforcement actions FTC Section 5 Unfair & deceptive practices FTC Section 6 Investigation authority FTC enforcement process 1. Claim of unfair and deceptive practices 2. investigation 3. Administrative court or consent decree Geocities Deceptive, misrepresented consumer info use and children's PI. Geocities - consent decree post privacy notice and obtain parental consent Eli Lilly Deceptive, mistakenly disclosed emails Eli Lilly - consent decree maintain an information privacy and security program - First one Microsoft Deceptive, False claims of security and child PI protection for Passport service Microsoft - Consent Decree adopt a comprehensive InfoSec program Gateway Unfair, changed privacy notice and started selling PI without users consent Gateway - consent decree give back $ and provide necessary opt-out BJ's Wholesale Unfair, unencrypted wireless, PI lost BJ's Wholesale - consent decree implement a comprehensive security policy including regular audits Google Unfair, enrolled users in Buzz without consent, exposed PI, EU Safe Harbor violations Google - consent decree implement comprehensive privacy program - first time Facebook Unfair, made retroactive changes to its privacy policy Facebook - consent decree provide clear notice and obtain consent, third party audits of privacy program White House Report - 2012 Consumer Privacy Bill of Rights: -Individual Control -Transparency -Respect for context -Security -Access & Accuracy -Focused Collection -Accountability FTC Report - 2012 Privacy by Design, Simplified Consumer Choice, Transparency Five Priority Areas: -Do Not Track -Mobile -Data Brokers -Large Platform Providers -Self Regulation UDAP State Privacy enforcement - Unfair and Deceptive Practices First breach notification law California