CSL CSL Legal, Regulatory & Ethical Frameworks

Question 1

Under the US Health Insurance Portability and Accountability Act (HIPAA), what is a covered entity's obligation following a breach of unsecured PHI?

Accepted Answer

Notify affected individuals, HHS, and potentially media within 60 days of discovery

Answer

Only notify the affected individual if they request it

Answer

File a police report within 24 hours

Answer

Notify the FBI's IC3 within 72 hours

Question 2

Which US federal law governs cybersecurity requirements for financial institutions and requires a Safeguards Rule?

Accepted Answer

GLBA (Gramm-Leach-Bliley Act)

Answer

SOX (Sarbanes-Oxley Act)

Answer

FISMA (Federal Information Security Management Act)

Answer

CFAA (Computer Fraud and Abuse Act)

Question 3

What does the SEC's cybersecurity disclosure rule (effective 2023) require of publicly traded companies?

Accepted Answer

Disclosure of material cybersecurity incidents within 4 business days and annual disclosure of cybersecurity risk management programs

Answer

Annual submission of penetration test results to the SEC

Answer

Appointment of a CISO who reports directly to the SEC

Answer

Mandatory cyber insurance coverage above $10 million

Question 4

Under the Computer Fraud and Abuse Act (CFAA), which activity can create criminal liability for security professionals?

Accepted Answer

Accessing computer systems without authorization, even for research purposes

Answer

Running approved vulnerability scans on internal systems

Answer

Reporting discovered vulnerabilities to vendors

Answer

Conducting authorized penetration tests under a signed contract

Question 5

Which principle from the GDPR gives individuals the right to request deletion of their personal data?

Accepted Answer

Right to erasure (right to be forgotten)

Answer

Right of access

Answer

Right to data portability

Answer

Right to restriction of processing

Question 6

A US company operates in California and collects consumer data. Which state law imposes GDPR-like privacy rights on those consumers?

Accepted Answer

California Consumer Privacy Act (CCPA) / CPRA

Answer

Illinois Biometric Information Privacy Act (BIPA)

Answer

New York SHIELD Act

Answer

Virginia Consumer Data Protection Act (CDPA)