CIPP/US - PRINCIPLES OF
INFORMATION MANAGEMENT EXAM
QUESTIONS WITH CORRECT ANSWERS
3 Categories of People - Answer-Privacy Fundamentalists (Strong Desire to Protect
Privacy)
Privacy Unconcerned (Low Worries about Privacy)
Privacy Pragmatists (Varies with Context. Give up for Benefits)
Personal Information - 4 Risks - Answer-1) Legal - Compliance with Laws, Contracts &
Industry Standards
2) Reputational
3) Operational (Administratively Efficient)
4) Investment (Return on Investments in Light of Privacy Laws & Standards)
4 Basic Steps for Information Management - Answer-1) Discover
2) Build
3) Communicate
4) Evolve
Data Transfer & Sharing Guidelines - Answer-1) Data Inventory
2) Data Classification
3) Documentation of Data Flows
4) Data Accountability
Considerations for Determining Privacy Risk - Answer-1) Where, how and for what
length of time is the data stored?
2) How sensitive is the information?
3) Should the information be encrypted?
4) Will the information be transferred to and from other countries. If so, how will it be
transferred?
5) Who determines the rules that apply to the information? Controller vs. Processor.
6) How is the information to be processed, and how will these processes be
maintained?
7) Use of Data Dependent on Other Systems?
Communicating Privacy Notice - Answer-1) Make Accessible Online
2) Accessible in Place of Business
INFORMATION MANAGEMENT EXAM
QUESTIONS WITH CORRECT ANSWERS
3 Categories of People - Answer-Privacy Fundamentalists (Strong Desire to Protect
Privacy)
Privacy Unconcerned (Low Worries about Privacy)
Privacy Pragmatists (Varies with Context. Give up for Benefits)
Personal Information - 4 Risks - Answer-1) Legal - Compliance with Laws, Contracts &
Industry Standards
2) Reputational
3) Operational (Administratively Efficient)
4) Investment (Return on Investments in Light of Privacy Laws & Standards)
4 Basic Steps for Information Management - Answer-1) Discover
2) Build
3) Communicate
4) Evolve
Data Transfer & Sharing Guidelines - Answer-1) Data Inventory
2) Data Classification
3) Documentation of Data Flows
4) Data Accountability
Considerations for Determining Privacy Risk - Answer-1) Where, how and for what
length of time is the data stored?
2) How sensitive is the information?
3) Should the information be encrypted?
4) Will the information be transferred to and from other countries. If so, how will it be
transferred?
5) Who determines the rules that apply to the information? Controller vs. Processor.
6) How is the information to be processed, and how will these processes be
maintained?
7) Use of Data Dependent on Other Systems?
Communicating Privacy Notice - Answer-1) Make Accessible Online
2) Accessible in Place of Business
