CIPP US Practice Questions well
answered to pass rated A+
What kind of liability may only be asserted in court by governmental authorities and not by a private
citizen?
A. Civil
B. Negligence
C. Criminal
D. Invasion of privacy - correct answer ✔✔C
Which of the following preemployment screening activities would turn a regular consumer report into an
investigative report?
A. The report includes information about prior bankruptcies.
B. The CRA furnishing the report includes information about a job seeker's mortgage payments.
C. The preemployment screening includes a criminal background check.
D. A third‐party agent interviews a job seeker's neighbors about their character. - correct answer ✔✔D
Dana is frustrated because she continues to receive telemarketing calls from her current internet service
provider (ISP), even though she added her number to the national do ‐not ‐call list. Is Dana's ISP breaking
the law?
A. Yes, because it is the responsibility of the ISP to maintain an updated copy of the national do ‐not ‐call
registry.
B. No, because she is a customer of the ISP and the TSR provides an exemption for firms that have an
existing business relationship with a consumer.
C. No, because Dana's ISP may not know she has added her number to the do ‐not ‐call registry.
D. Yes, because the DNC does not provide an exemption for existing customers. - correct answer ✔✔B
Nick and Jenny often meet with other employees in the company cafeteria to advocate for collective
bargaining. One day, Jenny notices that a security camera has suddenly been installed in the cafeteria,
near where they usually sit. Why might this be a problem?
,A. Employees have not consented to video surveillance during their lunch hours when not conducting
company business.
B. Video surveillance may inadvertently reveal an employee's physical disability and lead to compliance
risks under the Americans with Disabilities Act (ADA).
C. The company did not post adequate signage to notify the employees of the new video surveillance
system.
D. The NLRB may view the security camera as an attempt to intimidate employees engaging in unionizing
activities. - correct answer ✔✔D
Gary's firm was recently sued by an athlete who claimed that the firm used his picture in marketing
materials without permission. What type of claim was brought against Gary's firm?
A. False light
B. Appropriation
C. Invasion of solitude
D. Public disclosure of private facts - correct answer ✔✔B
Which one of the following statements about workforce privacy training is incorrect?
A. Computer‐based training is an acceptable training option.
B. Training should include content on specific regulatory requirements.
C. Training should include details on an individual's role in minimizing privacy risks.
D. Every user should receive the same level of training. - correct answer ✔✔D
Which one of the following categories would include any information that uniquely identifies an
individual person?
A. PII
B. PHI
C. PFI
D. PCI - correct answer ✔✔A
Carla is building an inventory of the information maintained by her organization that should be
considered within the scope of its privacy program. Which one of the following types of information
would not normally be included?
,A. Customer transaction records
B. Manufacturing work order records
C. Employee payroll records
D. Job candidate application records - correct answer ✔✔B
1Which of the following laws was primarily intended to help combat money laundering?
A. RFPA
B. SCA
C. BSA
D. EPCA - correct answer ✔✔C
What term is used to describe a voluntary agreement between a firm and the federal government where
the firm agrees to engage or not engage in certain business practices?
A. Conviction
B. Retainer agreement
C. Theory of liability
D. Consent decree - correct answer ✔✔D
What article in the U.S. Constitution defines the powers of the judicial branch?
A. Article I
B. Article II
C. Article III
D. Article IV - correct answer ✔✔C
What federal privacy law contains specific requirements for how organizations must dispose of sensitive
personal information when it is no longer needed?
A. FERPA
B. FACTA
C. GLBA
, D. SOX - correct answer ✔✔B
What individual within an organization is likely to bear overall responsibility for a privacy program?
A. CIO
B. CFO
C. CPO
D. CEO - correct answer ✔✔C
Tom recently filled out a survey about his political and religious views. The survey data is maintained by a
nonprofit research organization. What term best describes Tom's role with respect to this data?
A. Data controller
B. Data processor
C. Data steward
D. Data subject - correct answer ✔✔D
It is probably permissible to use a polygraph test in preemployment screening for all of the following
jobs, except:
A. U.S. Treasury employee
B. Daycare worker
C. Armored car driver
D. Pharmacist - correct answer ✔✔B
Which one of the following firms was sanctioned by the Federal Trade Commission (FTC) after an
investigation showed that they were not diligently carrying out privacy program recertifications of their
clients?
A. Snapchat
B. Nomi
C. TRUSTe
D. GeoCities - correct answer ✔✔C
answered to pass rated A+
What kind of liability may only be asserted in court by governmental authorities and not by a private
citizen?
A. Civil
B. Negligence
C. Criminal
D. Invasion of privacy - correct answer ✔✔C
Which of the following preemployment screening activities would turn a regular consumer report into an
investigative report?
A. The report includes information about prior bankruptcies.
B. The CRA furnishing the report includes information about a job seeker's mortgage payments.
C. The preemployment screening includes a criminal background check.
D. A third‐party agent interviews a job seeker's neighbors about their character. - correct answer ✔✔D
Dana is frustrated because she continues to receive telemarketing calls from her current internet service
provider (ISP), even though she added her number to the national do ‐not ‐call list. Is Dana's ISP breaking
the law?
A. Yes, because it is the responsibility of the ISP to maintain an updated copy of the national do ‐not ‐call
registry.
B. No, because she is a customer of the ISP and the TSR provides an exemption for firms that have an
existing business relationship with a consumer.
C. No, because Dana's ISP may not know she has added her number to the do ‐not ‐call registry.
D. Yes, because the DNC does not provide an exemption for existing customers. - correct answer ✔✔B
Nick and Jenny often meet with other employees in the company cafeteria to advocate for collective
bargaining. One day, Jenny notices that a security camera has suddenly been installed in the cafeteria,
near where they usually sit. Why might this be a problem?
,A. Employees have not consented to video surveillance during their lunch hours when not conducting
company business.
B. Video surveillance may inadvertently reveal an employee's physical disability and lead to compliance
risks under the Americans with Disabilities Act (ADA).
C. The company did not post adequate signage to notify the employees of the new video surveillance
system.
D. The NLRB may view the security camera as an attempt to intimidate employees engaging in unionizing
activities. - correct answer ✔✔D
Gary's firm was recently sued by an athlete who claimed that the firm used his picture in marketing
materials without permission. What type of claim was brought against Gary's firm?
A. False light
B. Appropriation
C. Invasion of solitude
D. Public disclosure of private facts - correct answer ✔✔B
Which one of the following statements about workforce privacy training is incorrect?
A. Computer‐based training is an acceptable training option.
B. Training should include content on specific regulatory requirements.
C. Training should include details on an individual's role in minimizing privacy risks.
D. Every user should receive the same level of training. - correct answer ✔✔D
Which one of the following categories would include any information that uniquely identifies an
individual person?
A. PII
B. PHI
C. PFI
D. PCI - correct answer ✔✔A
Carla is building an inventory of the information maintained by her organization that should be
considered within the scope of its privacy program. Which one of the following types of information
would not normally be included?
,A. Customer transaction records
B. Manufacturing work order records
C. Employee payroll records
D. Job candidate application records - correct answer ✔✔B
1Which of the following laws was primarily intended to help combat money laundering?
A. RFPA
B. SCA
C. BSA
D. EPCA - correct answer ✔✔C
What term is used to describe a voluntary agreement between a firm and the federal government where
the firm agrees to engage or not engage in certain business practices?
A. Conviction
B. Retainer agreement
C. Theory of liability
D. Consent decree - correct answer ✔✔D
What article in the U.S. Constitution defines the powers of the judicial branch?
A. Article I
B. Article II
C. Article III
D. Article IV - correct answer ✔✔C
What federal privacy law contains specific requirements for how organizations must dispose of sensitive
personal information when it is no longer needed?
A. FERPA
B. FACTA
C. GLBA
, D. SOX - correct answer ✔✔B
What individual within an organization is likely to bear overall responsibility for a privacy program?
A. CIO
B. CFO
C. CPO
D. CEO - correct answer ✔✔C
Tom recently filled out a survey about his political and religious views. The survey data is maintained by a
nonprofit research organization. What term best describes Tom's role with respect to this data?
A. Data controller
B. Data processor
C. Data steward
D. Data subject - correct answer ✔✔D
It is probably permissible to use a polygraph test in preemployment screening for all of the following
jobs, except:
A. U.S. Treasury employee
B. Daycare worker
C. Armored car driver
D. Pharmacist - correct answer ✔✔B
Which one of the following firms was sanctioned by the Federal Trade Commission (FTC) after an
investigation showed that they were not diligently carrying out privacy program recertifications of their
clients?
A. Snapchat
B. Nomi
C. TRUSTe
D. GeoCities - correct answer ✔✔C
