IAPP CIPP-C Practice Test : Free Online Preparation

Free IAPP CIPP-C Exam Questions

Implementing a system of standardization for privacy notices

Global Manufacturing Co’s Human Resources department recently purchased a new software tool. This tool

helps evaluate future candidates for executive roles by scanning emails to see what those candidates say and

what is said about them. This provides the HR department with an automated “360 review” that lets them

know how the candidate thinks and operates, what their peers and direct reports say about them, and how well

they interact with each other.

What is the most important step for the Human Resources Department to take when implementing this new

Ensuring that the software contains a privacy notice explaining that employees have no right to privacy

as long as they are running this software on organization systems to scan email systems.

Confirming that employees have read and signed the employee handbook where they have been advised

that they have no right to privacy as long as they are using the organization’s systems, regardless of the

protected group or laws enforced by EEOC.

Providing notice to employees that their emails will be scanned by the software and creating automated

Please use the following to answer the next QUESTION:

A US-based startup company is selling a new gaming application. One day, the CEO of the company receives

an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an

EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer’s data

handling practices.

The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in

the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her

withdrawal of consent and request for erasure of her personal data. Your organization, the US-based startup

company, was never informed of this request for erasure by the EU-based retail partner. The supervisory

authority investigating the complaint has threatened the suspension of data flows if the parties involved do not

cooperate with the investigation. The letter closes with an urgent request: “Please act immediately by

identifying all personal data received from our company.”

This is an important partnership. Company executives know that its biggest fans come from Western Europe;

and this retailer is primarily responsible for the startup’s rapid market penetration.

As the Company’s data privacy leader, you are sensitive to the criticality of the relationship with the retailer.

Upon review, the data privacy leader discovers that the Company’s documented data inventory is obsolete.

What is the data privacy leader’s next best source of information to aid the investigation?

Which of the following types of information would an organization generally NOT be required to disclose to

If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as an

agent, the organization must ensure the third party does all of the following EXCEPT?