
Free IAPP CIPM Exam Questions

Try our Free Demo Practice Tests for Comprehensive CIPM Exam Preparation

  • IAPP CIPM Exam Questions
  • Provided By: IAPP
  • Exam: Certified Information Privacy Manager
  • Certification: Certified Information Privacy Manager
  • Total Questions: 278
  • Updated On: Nov 27, 2024
  • Question 1
    • Which of the following is a common disadvantage of a third-party audit?

      Answer: C
  • Question 2
    • SCENARIO
      Please use the following to answer the next question:
      Natalia, CFO of the Nationwide Grill restaurant chain, had never seen her fellow executives so anxious. Last
      week, a data processing firm used by the company reported that its system may have been hacked, and
      customer data such as names, addresses, and birthdays may have been compromised. Although the attempt
      was proven unsuccessful, the scare has prompted several Nationwide Grill executives to question the
      company's privacy program at today's meeting.
      Alice, a vice president, said that the incident could have opened the door to lawsuits, potentially damaging
      Nationwide Grill's market position. The Chief Information Officer (CIO), Brendan, tried to assure her that even if
      there had been an actual breach, the chances of a successful suit against the company were slim. But Alice
      remained unconvinced.
      Spencer – a former CEO and currently a senior advisor – said that he had always warned against the use of
      contractors for data processing. At the very least, he argued, they should be held contractually liable for telling
      customers about any security incidents. In his view, Nationwide Grill should not be forced to soil the company
      name for a problem it did not cause.
      One of the business development (BD) executives, Haley, then spoke, imploring everyone to see reason.
      "Breaches can happen, despite organizations' best efforts," she remarked. "Reasonable preparedness is key."
      She reminded everyone of the incident seven years ago when the large grocery chain Tinkerton's had its
      financial information compromised after a large order of Nationwide Grill frozen dinners. As a long-time BD
      executive with a solid understanding of Tinkerton's corporate culture, built up through many years of
      cultivating relationships, Haley was able to successfully manage the company's incident response.
      Spencer replied that acting with reason means allowing security to be handled by the security functions within
      the company – not BD staff. In a similar way, he said, Human Resources (HR) needs to do a better job training
      employees to prevent incidents. He pointed out that Nationwide Grill employees are overwhelmed with posters,
      emails, and memos from both HR and the ethics department related to the company's privacy program. Both
      the volume and the duplication of information mean that it is often ignored altogether.
      Spencer said, "The company needs to dedicate itself to its privacy program and set regular in-person trainings
      for all staff once a month."
      Alice responded that the suggestion, while well-meaning, is not practical. With many locations, local HR
      departments need to have flexibility with their training schedules. Silently, Natalia agreed. 
      Based on the scenario, Nationwide Grill needs to create better employee awareness of the company's privacy
      program by doing what?


      Answer: D
  • Question 3
    • SCENARIO

      Please use the following to answer the next question:

      Today is your first day at a fast-growing international real estate firm headquartered in New York, with offices in Canada and Germany. You are the firm's first-ever privacy officer.

      While touring the office to meet your new colleagues and learn the layout of the office, you notice piles of printing jobs left on the printer in the copy room. You also note a recycle bin and garbage can near the printers. With a quick glance, you see a completed loan application form printout with applicant name, social security number and home address lying in the recycle bin. You make a note to follow up immediately.

      You are then introduced to the head of IT who gives you a warm welcome and explains his star project this year - enterprise CRM (Customer Relationship Management) mobility. He is very proud that he is leading this innovation that allows firm-wide employees to access the existing CRM database remotely from anywhere on the Internet. The business value of this mobility initiative is significant. Since he doesn't have internal web development expertise, he outsourced the development work to a small IT firm in New York that has just successfully delivered another IT initiative for the company.

      After the tour you start working on a plan based on your observations. One immediate action is to schedule a meeting with the head of IT to discuss the CRM mobility project.

      While reviewing the contract with the firm the CRM mobility project was outsourced to, all of the following should be mandatory EXCEPT?


      Answer: D
  • Question 4
    • SCENARIO
      Please use the following to answer the next question:
      Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia
      to help run his aging grandfather's law practice. The elder McAdams desired a limited, lighter role in the
      practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring
      Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who
      handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and
      assesses the office's strategies for growth.
      Immediately upon arrival, Richard was amazed at the amount of work that needed to be done in order to
      modernize the office, mostly in regard to the handling of clients' personal data. His first goal is to digitize all the
      records kept in file cabinets, as many of the documents contain personally identifiable financial and medical
      data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the
      day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues
      unless a formal policy is firmly in place. Richard is also concerned with the overuse of the communal
      copier/printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the
      same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that
      personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing
      policy by the year's end.
      Richard expressed his concerns to his grandfather, who agreed that updating data storage, data security, and
      an overall approach to increasing the protection of personal data in all facets is necessary. Mr. McAdams
      granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but
      also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following
      day to get insight into how the office computer system is currently set up and managed.
      Which of the following policy statements needs additional instructions in order to further protect the personal
      data of their clients? 

      Answer: D
  • Question 5
    • What United States federal law requires financial institutions to declare their personal data collection practices? 

      Answer: B