CIPP/US IAPP exam study guide questions and answers
Americans with Disabilities Act (ADA): Bars discrimination against qualified individuals with disabilities; places restrictions on pre-employment medical screening.
Consumer Financial Protection Bureau (CFPB): Has enforcement power for unfair, deceptive or abusive acts and practices for financial institutions.
Choice: The ability to specify whether personal information will be collected and/or how it will be used or disclosed. Choice can be express or implied.
Common Law: Legal principles that have developed over time in judicial decisions (case law), often drawing on social customs and expectations.
Consent Decree: A judgment entered by consent of the parties (a federal or state agency and an adverse party) whereby the defendant agrees to stop alleged illegal activity, typically without admitting guilt or wrongdoing.
Consumer Reporting Agency (CRA): Any person or entity that compiles or evaluates personal information for the purpose of furnishing consumer reports to third parties for a fee.
Data Breach: The intentional or unintentional release of secure information to an untrusted environment.
Data Classification: Defines the clearance of individuals who can access or handle a given set of data, as well as the baseline level of protection that is appropriate for that data.
Deceptive Trade Practices: Along with unfair trade practices, behavior of an organization that can be enforced against by the FTC.
Defamation: Any act or communication intending to harm the reputation of another as to lower him in the estimation of the community or to deter third persons from associating or dealing with him.
Electronic Discovery (e-discovery): Discovery in civil litigation dealing with the exchange of information in electronic format, often requiring digital forensics analysis.
Electronically Stored Information (ESI): A category of information that can include e-mail, word-processing documents, server logs, instant messaging transcripts, voicemail systems, social networking records, thumb drives, or data on SD cards.
Equal Employment Opportunity Commission (EEOC): A federal agency overseeing many laws preventing discrimination in the workplace, including Title VII of the Civil Rights Act, the Age Discrimination in Employment Act of 1967 (ADEA) and Titles I and V of the Americans with Disabilities Act of 1990 (ADA).
Evidentiary Privilege: Privileges limiting or prohibiting disclosure of personal information in the context of investigations and litigation, such as attorney-client privilege.
Fair Credit Reporting Act (FCRA): Enacted in 1970 to regulate the consumer reporting industry and provide privacy rights in consumer reports, FCRA mandates accurate and relevant data collection, provides consumers with the ability to access and correct their information, and limits the use of consumer reports to defined permissible purposes.
Federal Trade Commission (FTC): An independent consumer protection agency governed by a chairman and four other commissioners with the authority to enforce against unfair and deceptive trade practices.
Global Privacy Enforcement Network (GPEN): Established in 2010 by the FTC and enforcement authorities from around the world, the GPEN aims to promote cross-border information sharing as well as investigation and enforcement cooperation among privacy authorities around the world.
Gramm-Leach-Bliley Act (GLBA): Also known as the Financial Services Modernization Act of 1999, GLBA is a United States federal law to control the ways that financial institutions deal with the private information of individuals.
Health Information: Any information related to the past, present or future physical or mental condition, provision of health care or payment for health care for a specific individual.
Health Insurance Portability and Accountability Act of 1996 (HIPAA): A U.S. law passed to create national standards for electronic healthcare transactions, among other purposes. HIPAA required the U.S. Department of Health and Human Services to promulgate regulations to protect the privacy and security of personal health information. The basic rule is that patients have to opt in before their information can be shared with other organizations, although there are important exceptions such as for treatment, payment and healthcare operations.
National Labor Relations Board (NLRB): An independent agency of the United States government responsible for investigating and remedying unfair labor practices.
National Security Letter (NSL): A category of subpoena generally issued to seek records considered relevant to protect against international terrorism or clandestine intelligence activities.
Negligence: The failure to exercise the care that a reasonably prudent person would exercise in like circumstances, leading to unintended harm.
Notice: A description of an organization's information management practices, with the purposes of consumer education and corporate accountability.
Organisation for Economic Co-operation and Development (OECD): A multinational organization with the goal of creating policies that contribute to the economic, environmental, and social well-being of its member countries.
Personal Health Information (PHI): Any individually identifiable health information with data elements which could reasonably be expected to allow individual identification.
Personal Health Record (PHR): A record maintained by the patient to track health and medical care information across a duration of time.
Preemption: The ability for one government's laws to supersede those of another, such as federal law overriding individual state law.
Document information
- Uploaded on: April 28, 2024
- Number of pages: 27
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers