©JASONMcCONNELL 2025 ALL RIGHTS RESERVED
Certified Information Privacy Professional -
CIPP-US Exam Study Guide 100% Verified.
Accountability - Answer✔Implementation of appropriate technical and organizational measures
to ensure & demonstrate and be able to demonstrate handling of personal data is performed in
accordance w/ relevant law, an idea codified in frameworks (GDPR/ APEC's Cross Boarder
Privacy Rules).
Traditionally, accountability has been Fair information practices, due diligence& reasonable
steps undertaken to ensure personal info. is protected & handled consistently w/ law and fair
principles
Adequate Level of Protection - Answer✔A transfer of personal data from the EU to a third
country or an international organisation may take place where the European Commission has
decided that the third country, a territory or one or more specified sectors within that third
country, or the international organisation in question, ensures an adequate level of protection
by taking into account the following elements: (a) the rule of law, respect for human rights and
fundamental freedoms, both general and sectoral legislation, data protection rules,
professional rules and security measures, effective and enforceable data subject rights and
effective administrative and judicial redress for the data subjects whose personal data is being
transferred; (b) the existence and effective functioning of independent supervisory authorities
with responsibility for ensuring and enforcing compliance with the data protection rules; (c) the
international commitments the third country or international organisation concerned has
entered into in relation to the protection of personal data.
Adverse Action - Answer✔In the Fair Credit Reporting Act (FCRA); all business, credit &
employment actions affecting consumers, having a negative impact (i.e. denying credit,
insurance, employment or promotion)
This requires the decision maker to provide a copy of the credit report leading to adverse
action.
1
, ©JASONMcCONNELL 2025 ALL RIGHTS RESERVED
American Institute of Certified Public Accountants - Answer✔US professional Organization of
Certified Public Accountants or co-creator of the WebTrust Seal program (AICAPA)
Americans with disabilities Act - Answer✔US law that bars discrimination against qualified
individuals with disabilities
ADA
Anti-discrimination Laws - Answer✔Laws are indications of special classes of personal data. If
there exists law protecting against discrimination based on a class or status, it is likely personal
information relating to that class or status is subject to more stringent data protection
regulation, under the GDPR or otherwise
APEC Privacy Principles - Answer✔Set of non-binding principles adopted by the Asia Pac
Economic Cooperative (APEC) that mirror the OECD Fair Information Practices. Though based
on OECD Guidelines, they seek to promote electronic commerce throughout theAsia-Pacific
region by balancing information privacy with business needs.
Background Screening/Checks - Answer✔Organizations verify applicant ability to function in the
working environment as well as assuring the safety and security of existing workers. Range from
checking a person's educational background, criminal activity. Employee consent requirement
vary by member state and may be negotiated w/ local works councils.
Bank Security Act - Answer✔US Federal law requires US financial institutions & money services
businesses (MSBs), entities selling money orders or provide cash transfer services, to record,
retain and report certain financial transactions to the federal government. This is meant to
assist the government investigation of money laundering, tax evasion, terrorist financing and
other international criminal activities.
Behavior Advertising - Answer✔Advertising targeting individuals based on the observation over
time. Most often done via automated processing of personal data, or profiling, the General
Data Protection Regulation requires that data subjects be able to opt-out of any automated
processing, to be informed of the logic involved in personal data processing and, at least when
2
Certified Information Privacy Professional -
CIPP-US Exam Study Guide 100% Verified.
Accountability - Answer✔Implementation of appropriate technical and organizational measures
to ensure & demonstrate and be able to demonstrate handling of personal data is performed in
accordance w/ relevant law, an idea codified in frameworks (GDPR/ APEC's Cross Boarder
Privacy Rules).
Traditionally, accountability has been Fair information practices, due diligence& reasonable
steps undertaken to ensure personal info. is protected & handled consistently w/ law and fair
principles
Adequate Level of Protection - Answer✔A transfer of personal data from the EU to a third
country or an international organisation may take place where the European Commission has
decided that the third country, a territory or one or more specified sectors within that third
country, or the international organisation in question, ensures an adequate level of protection
by taking into account the following elements: (a) the rule of law, respect for human rights and
fundamental freedoms, both general and sectoral legislation, data protection rules,
professional rules and security measures, effective and enforceable data subject rights and
effective administrative and judicial redress for the data subjects whose personal data is being
transferred; (b) the existence and effective functioning of independent supervisory authorities
with responsibility for ensuring and enforcing compliance with the data protection rules; (c) the
international commitments the third country or international organisation concerned has
entered into in relation to the protection of personal data.
Adverse Action - Answer✔In the Fair Credit Reporting Act (FCRA); all business, credit &
employment actions affecting consumers, having a negative impact (i.e. denying credit,
insurance, employment or promotion)
This requires the decision maker to provide a copy of the credit report leading to adverse
action.
1
, ©JASONMcCONNELL 2025 ALL RIGHTS RESERVED
American Institute of Certified Public Accountants - Answer✔US professional Organization of
Certified Public Accountants or co-creator of the WebTrust Seal program (AICAPA)
Americans with disabilities Act - Answer✔US law that bars discrimination against qualified
individuals with disabilities
ADA
Anti-discrimination Laws - Answer✔Laws are indications of special classes of personal data. If
there exists law protecting against discrimination based on a class or status, it is likely personal
information relating to that class or status is subject to more stringent data protection
regulation, under the GDPR or otherwise
APEC Privacy Principles - Answer✔Set of non-binding principles adopted by the Asia Pac
Economic Cooperative (APEC) that mirror the OECD Fair Information Practices. Though based
on OECD Guidelines, they seek to promote electronic commerce throughout theAsia-Pacific
region by balancing information privacy with business needs.
Background Screening/Checks - Answer✔Organizations verify applicant ability to function in the
working environment as well as assuring the safety and security of existing workers. Range from
checking a person's educational background, criminal activity. Employee consent requirement
vary by member state and may be negotiated w/ local works councils.
Bank Security Act - Answer✔US Federal law requires US financial institutions & money services
businesses (MSBs), entities selling money orders or provide cash transfer services, to record,
retain and report certain financial transactions to the federal government. This is meant to
assist the government investigation of money laundering, tax evasion, terrorist financing and
other international criminal activities.
Behavior Advertising - Answer✔Advertising targeting individuals based on the observation over
time. Most often done via automated processing of personal data, or profiling, the General
Data Protection Regulation requires that data subjects be able to opt-out of any automated
processing, to be informed of the logic involved in personal data processing and, at least when
2
