CIPP Foundation- Chapter 2 Exam Questions and Correct Answers Latest Update 2024 Already Passed
TRUE - Answers True or False: There is no single approach to protecting privacy and security. Rather,
privacy protection is derived from serveral sources.
"Market Forces
Technology
Legal controls
Self Regulation - Answers What are the sources privacy protection is derived from?
Marketing - Answers This source of privacy protection can be a useful way of approaching privacy
protection. When consumers raise concerns about their privacy, companies respond. Businesses that
are brand sensitive likely to adopt strict privacy practices.
Technology - Answers The rapid advancement of this privacy protection source provides people with
new and advanced means of protecting themselves. (Provides robust privacy protection)
TRUE - Answers True or False: Even if privacy protection from law or market forces is weak, Information
privacy and security best practices can remain strong.
Law - Answers This source of privacy protection is the traditional approach to privacy regulation.
However, simply enacting more of it does not necessarily result in better privacy and security.
FALSE: Laws should be understood as one very important source of privacy protections, but in actual
pratice also depends on markets, technolgy and self regulation. - Answers True or False: Laws should be
the only source of privacy protection.
Self regulation - Answers This source of privacy protection is a complement to law that comes frm
government.
"1) legislation
2) enforcement
3) adjudication" - Answers What three components does self regulation/ co-regulation refer to?
Legislation - Answers What self regulation component defines the privacy rules. For self regulation this
typically occirs through the privacy policy of company, other entity or industry association
Enforcement - Answers What self regulation component refers to who should initiate enforcement
actions. Actions may be brought by data protection authorities, other govmt agencies, undustry code
enforcement, or in some cases affected individuals
,adjudication - Answers What self regulation component refers to the question of who should decide
whether an organization has violated a privacy rule. The decision maker can be an industry association,
govmt agency, or judicial officer.
Comprehensive data protection laws - Answers These are protection laws in which the govmt has
definied requirements thourhgout the economy.
Sectoral laws - Answers These are Laws that exist in selected market segments, often in response to a
particular need or problem. (Ex: the United States and Japan)
How much the specifc country relies on government laws vs. industry codes and stds. - Answers What
does the scope of data protection law depend on?
"Comprehensive and Sectoral frameworks
Co-regulatory or self-regulatory models, and the
technology-based model" - Answers What are the most common data protection models used today?
How much the specific countyr relies on govmt laws vs. industry codes and standards. - Answers The
scope of data protection laws varies depending on what?
Comprehensive - Answers Which data protection laws govern the collection, use and dissemination of PI
in the public and private sectors?
Data Protection Authority (DPA) - Answers A country that has enacted the comprensive model enacts
what kind of official or angency responsicle for overseeing enforcement.?
"overseeing enforcement
-ensures compliance with the law
-investigates breaches
-educates the public on data matters
-acts as internation liason for data protection issues." - Answers What responsibilities fall under the
DPA?
enformcement and funding - Answers What are the two critical issues ina comprehensive data
protection scheme?
1) remedy past injustice
2) ensure consistency with European privacy laws
3) promote electronic commerce - Answers What are the three reasons countries have adopted
comprehensive privacy and data protection laws ?
, TRUE - Answers "True or false: Critics of the comprehensive approach argue two things:
1) that the costs far outweight the benefits. Although certain areas of privacy require more secuirty such
as medical data, may not be justified for far less sensitive data.
2) may provide insufficient oppoertunity for innovation in data processing. "
Sectoral - Answers This framework protect PI by enacting laws that address a particular industry sector.
FALSE: Supporters of the sectoral framework emphasize the cost savings and lack of regulatory burden
for orgs outside of the regulated sectors. - Answers True or false: Supportors of the sectoral framework
complain of the lack of cost saving involved in and increase of regulatory burden for organizations out of
the regulated sectors.
"1)lack of a single data protection authority to oversee PI issues
2) Problems of gaps (might cover one are in industry sector and not another) and overlaps in coverage
(might have more than enforcement agency overseeing the industry sector)" - Answers What are the
two major complaints against the sectoral framework?
Gaps - Answers When dealing with a sectoral framework, these can occur when the legislation lags
behind technological change and unregulated segments face privacy threats with no legislative
guidance.
The (health information technology economic and clinical health) HITECH act of 2009 enacted due to
gaps that HIPAA was not covering entities not traditionally involved in healthcare but offered services
involving the collection and use of large volumes of healthcare info. - Answers In terms of a sectoral
framework, what is example of a gapbeing filled?
Australia - Answers What country uses a co-regulatory laws?
US or Singapore - Answers Which countries use a self regulatory framework?
Both approaches, self and co use a mix of govmt and non govmt instistuation to proect PI - Answers
Under which regulatory approach does government and nongovernment institutions proectect personal
info?
co-regulatory model - Answers Which regulatory model emphasizes industry development of
enforceable codes or standard for privacy and data protection, against the backdrop of legal
requirements by the government?
FALSE- the co-regulatory model can exist under both comprehensive and sectoral frameworks. -
Answers True or false: the co-regulatory model cannot exist under sectoral and comprehensive
frameworks.
Austalia and New Zealand - Answers What countries is co-regulation prominent in?
TRUE - Answers True or False: There is no single approach to protecting privacy and security. Rather,
privacy protection is derived from serveral sources.
"Market Forces
Technology
Legal controls
Self Regulation - Answers What are the sources privacy protection is derived from?
Marketing - Answers This source of privacy protection can be a useful way of approaching privacy
protection. When consumers raise concerns about their privacy, companies respond. Businesses that
are brand sensitive likely to adopt strict privacy practices.
Technology - Answers The rapid advancement of this privacy protection source provides people with
new and advanced means of protecting themselves. (Provides robust privacy protection)
TRUE - Answers True or False: Even if privacy protection from law or market forces is weak, Information
privacy and security best practices can remain strong.
Law - Answers This source of privacy protection is the traditional approach to privacy regulation.
However, simply enacting more of it does not necessarily result in better privacy and security.
FALSE: Laws should be understood as one very important source of privacy protections, but in actual
pratice also depends on markets, technolgy and self regulation. - Answers True or False: Laws should be
the only source of privacy protection.
Self regulation - Answers This source of privacy protection is a complement to law that comes frm
government.
"1) legislation
2) enforcement
3) adjudication" - Answers What three components does self regulation/ co-regulation refer to?
Legislation - Answers What self regulation component defines the privacy rules. For self regulation this
typically occirs through the privacy policy of company, other entity or industry association
Enforcement - Answers What self regulation component refers to who should initiate enforcement
actions. Actions may be brought by data protection authorities, other govmt agencies, undustry code
enforcement, or in some cases affected individuals
,adjudication - Answers What self regulation component refers to the question of who should decide
whether an organization has violated a privacy rule. The decision maker can be an industry association,
govmt agency, or judicial officer.
Comprehensive data protection laws - Answers These are protection laws in which the govmt has
definied requirements thourhgout the economy.
Sectoral laws - Answers These are Laws that exist in selected market segments, often in response to a
particular need or problem. (Ex: the United States and Japan)
How much the specifc country relies on government laws vs. industry codes and stds. - Answers What
does the scope of data protection law depend on?
"Comprehensive and Sectoral frameworks
Co-regulatory or self-regulatory models, and the
technology-based model" - Answers What are the most common data protection models used today?
How much the specific countyr relies on govmt laws vs. industry codes and standards. - Answers The
scope of data protection laws varies depending on what?
Comprehensive - Answers Which data protection laws govern the collection, use and dissemination of PI
in the public and private sectors?
Data Protection Authority (DPA) - Answers A country that has enacted the comprensive model enacts
what kind of official or angency responsicle for overseeing enforcement.?
"overseeing enforcement
-ensures compliance with the law
-investigates breaches
-educates the public on data matters
-acts as internation liason for data protection issues." - Answers What responsibilities fall under the
DPA?
enformcement and funding - Answers What are the two critical issues ina comprehensive data
protection scheme?
1) remedy past injustice
2) ensure consistency with European privacy laws
3) promote electronic commerce - Answers What are the three reasons countries have adopted
comprehensive privacy and data protection laws ?
, TRUE - Answers "True or false: Critics of the comprehensive approach argue two things:
1) that the costs far outweight the benefits. Although certain areas of privacy require more secuirty such
as medical data, may not be justified for far less sensitive data.
2) may provide insufficient oppoertunity for innovation in data processing. "
Sectoral - Answers This framework protect PI by enacting laws that address a particular industry sector.
FALSE: Supporters of the sectoral framework emphasize the cost savings and lack of regulatory burden
for orgs outside of the regulated sectors. - Answers True or false: Supportors of the sectoral framework
complain of the lack of cost saving involved in and increase of regulatory burden for organizations out of
the regulated sectors.
"1)lack of a single data protection authority to oversee PI issues
2) Problems of gaps (might cover one are in industry sector and not another) and overlaps in coverage
(might have more than enforcement agency overseeing the industry sector)" - Answers What are the
two major complaints against the sectoral framework?
Gaps - Answers When dealing with a sectoral framework, these can occur when the legislation lags
behind technological change and unregulated segments face privacy threats with no legislative
guidance.
The (health information technology economic and clinical health) HITECH act of 2009 enacted due to
gaps that HIPAA was not covering entities not traditionally involved in healthcare but offered services
involving the collection and use of large volumes of healthcare info. - Answers In terms of a sectoral
framework, what is example of a gapbeing filled?
Australia - Answers What country uses a co-regulatory laws?
US or Singapore - Answers Which countries use a self regulatory framework?
Both approaches, self and co use a mix of govmt and non govmt instistuation to proect PI - Answers
Under which regulatory approach does government and nongovernment institutions proectect personal
info?
co-regulatory model - Answers Which regulatory model emphasizes industry development of
enforceable codes or standard for privacy and data protection, against the backdrop of legal
requirements by the government?
FALSE- the co-regulatory model can exist under both comprehensive and sectoral frameworks. -
Answers True or false: the co-regulatory model cannot exist under sectoral and comprehensive
frameworks.
Austalia and New Zealand - Answers What countries is co-regulation prominent in?
