CIPP/US Exam questions with 100% correct answers 2023

CIPP/US Exam questions with 100% correct answers 2023Types of Privacy (4 types) - correct answer 1. Information Privacy 2. Bodily Privacy 3. Communication Privacy 4. Territorial Privacy Personal vs. Non-personal Information - correct answer Personal Information is any information that relates to or describes an individual. Non personal information is any data that couldn't reasonably relate to an identified or identifiable individual. Sensitive Data (According to the EU Data Protection Directive) - correct answer Referred to as "Special Categories of Data", this is information that reveals racial origin, political opinions, religious or philosophical beliefs, trade union membership, or data concerning health or sex life. Noted that health data is classified as sensitive in most countries. Source of Information (3 types and what they are) - correct answer 1. Public Records are information collected by and maintained by government and available to the public 2. Publicly available data is data in any form that is accessible to the interested public 3. Non-public information is data that has not been made available to the public. Data Controller - correct answer Person or entity that determines the purpose and means of the processing of personal data. Data Processor - correct answer The person or entity that processes personal data on behalf of the controller. Data Subject - correct answer The person about whom the personal data relates or describes. Privacy Policy - correct answer An internal statement that describes an organization's information handling practices and procedures. Directed at employees and agents of the organization. Privacy Notice - correct answer AN external statement that is directed to an organization's potential and actual customers or users. Describes how the organization will process personal information and typically describes options a data subject has with respect to the organization's processing of personal information. Administrative Safeguards (and examples) - correct answer Management related policies and procedures for protecting personal information. An incident management plan and privacy policy are examples. Physical Safeguards - correct answer Mechanisms that physically protect or prevent access to a resource. Examples include cable locks for laptops and security guards to prevent unauthorized access. Technical Safeguards - correct answer Information technology Measures that protect personal information. Examples include password authentication schemes, encryption, and smart cards. Privacy Impact Assessment (PIA) (What is it and when should it occur) - correct answer A systematic process for identifying potential privacy related risks of a proposed system. When conducting, an organization analyzes how information is collected, stored, protected, shared, and managed to ensure that an organization has consciously incorporated privacy protection measures throughout the lifecycle of the data. It should be carried out whenever a new data processing system or project is proposed or when there are revisions to existing data practices. Privacy Audit or Assessment (What is it, when does it happen and who performs it) - correct answer A systematic examination of an organization's compliance with its privacy policy and procedures, applicable laws, and other agreements and contracts concerning personal information. Audits should be conducted on a regular basis or at the request of a regulatory authority. Typically conducted by internal taskforce, but if they were the ones that developed the program it may make sense to have a third party. Data Lifecycle (4 stages) - correct answer 1. Collection 2. Use 3. Disclosure 4. Retention or destruction FIPS (Fair Information Principles) (Description and 5 Core principles) - correct answer Guidelines that represent widely accepted doctrines concerning fair processing information. It is the foundation