CIPM CIPM Privacy Risk Management

Question 1

What is the primary purpose of a Privacy Impact Assessment (PIA)?

Accepted Answer

To identify and mitigate privacy risks before implementing a new project or system

Answer

To document all existing data processing activities

Answer

To train employees on privacy regulations

Answer

To respond to data subject access requests

Question 2

Under GDPR, what is a Data Protection Impact Assessment (DPIA) specifically designed to address?

Accepted Answer

Processing operations likely to result in high risk to individuals' rights and freedoms

Answer

All routine data processing activities

Answer

Data breaches that have already occurred

Answer

Vendor contracts involving personal data

Question 3

Which of the following scenarios mandates a DPIA under GDPR?

Accepted Answer

Large-scale processing of special categories of personal data

Answer

Sending a monthly newsletter to opted-in subscribers

Answer

Storing employee contact information in an HR system

Answer

Collecting cookies with user consent

Question 4

In privacy risk management, what does 'inherent risk' refer to?

Accepted Answer

The level of risk present before any controls or mitigations are applied

Answer

The risk remaining after all controls have been implemented

Answer

Risk arising from third-party vendors only

Answer

Risk identified after a privacy breach

Question 5

Which NIST publication provides a voluntary privacy framework to help organizations manage privacy risk?

Accepted Answer

NIST Privacy Framework Version 1.0

Answer

NIST SP 800-53

Answer

NIST SP 800-37

Answer

NIST Cybersecurity Framework 2.0

Question 6

What is 'residual risk' in the context of a privacy risk management program?

Accepted Answer

The risk that remains after privacy controls and mitigations have been applied

Answer

The initial risk before any assessment is done

Answer

Risk transferred to a third-party vendor

Answer

Risk arising from regulatory non-compliance only