FREE Certified Information Privacy Professional IAPP Questions and Answers


Which of the following provisions may apply to criminal prosecution if an agency official with access to records containing personally identifiable information deliberately discloses such information improperly?

Correct! Wrong!

The Privacy Act permits criminal penalties in particular and restricted situations. An official who unlawfully exposes personally identifiable information after accessing documents holding such information may suffer legal repercussions.

This wrongful and intentional disclosure is a crime, and the offender faces fines of up to $5,000. Suppose it is not established beyond a reasonable doubt that the defendant knowingly disclosed the protected information. In that case, several U.S. courts have mandated that they be found not guilty of criminal charges brought under this statute. Gross carelessness has been ruled inadequate in several situations to warrant a conviction.

The name of the group of privacy and data protection regulators who work together to promote data protection on a worldwide scale is the:

Correct! Wrong!

A network of privacy and data protection authorities with the goal of enhancing data security in a worldwide environment is known as the Global Privacy Enforcement Network (GPEN). GPEN helps public bodies with their duties of upholding domestic legislation and enhancing their capacity for international collaboration. Additionally, this network links law enforcement agencies from all around the world to promote collaboration in the global enforcement of privacy and data protection laws.

Which of the following situations falls under California law's private civil action exception for consumers seeking damages?

Correct! Wrong!

While a customer cannot bring a lawsuit against a company for failing to comply with the CCPA's requirements, such as releasing or erasing personal information, Section 1798.81.5 mandates that enterprises take specific precautions to ensure the security of their personal data. If an organization's failure to comply with the CCPA results in a breach of the consumer's unencrypted and unredacted personal information, the consumer may file a private civil action to seek damages.

What is prohibited by the USA Freedom Act of 2015 under Section 215 of the USA Patriot Act?

Correct! Wrong!

The mass collection of Americans' private records under Section 215 of the Patriot Act is prohibited under the USA Freedom Act of 2015. Under this clause, the U.S. government is bound to restrict the range of private data acquisition. The government must limit the gathering of Americans' data as much as possible. Additionally, this law forbids the government of the United States from compiling any data about a particular service provider, such as telecommunications, or vast geographic areas, such as entire area codes.

What is the phrase used to describe the situation where a federal statute overrides a state privacy legislation?

Correct! Wrong!

State legislation addressing common problems, such as the unauthorized gathering and exploitation of personal information, may occasionally be preempted by federal law. Regarding applying privacy and data protection legislation at the federal and state levels, preemption is among the most challenging legal rulings.

In rare instances, district court judges have used their discretion to rule that a claim alleging breaches of federal privacy law does not preempt or invalidate a right of action under a state's privacy legislation. For instance, a district court judge for the sixth circuit determined that claims of invasion of privacy made under state law were not preempted by the claim made under federal law in a case citing claims of the federal Stored Communications Act (18 U.S.C. 2701, et seq.). According to this ruling, the plaintiff, in this instance, has the right to pursue redress under both federal and state tort law.

Which of the following protections provided to job seekers by the FCRA is not one?

Correct! Wrong!

According to the Federal Trade Commission, job seekers have various protections thanks to the Fair Credit Reporting Act. Job candidates have the right to request a written background check, to examine information about their personal and financial affairs, to rectify any errors found in the report, and to challenge any potentially unjust conclusions. They also have the right to be notified about background checks.

Employers must notify job applicants of any adverse actions they may take if they decide to take them based on information from background check reports. This notification is provided to clarify the job applicant's rights to see the report and have any inaccuracies in the report corrected. The person must be advised that if asked within 60 days, the business will offer a free report. Employers are required by the Equal Employment Opportunity Commission to keep background checks for a year after the requested date or until the employer takes corrective action. After a year from that date, employers must discard the consumer report.

What is permitted under the Financial Services Regulatory Relief Act of 2016?

Correct! Wrong!

Cross-marketing between banking affiliates' portfolio firms and financial holding corporations is permitted by the Financial Services Regulatory Relief Act of 2016. Banks cannot solicit business, although they can cross-market trust and fiduciary services to clients with custodial accounts. Customers may receive this cross-market investment advising service through non-account-specific newsletters and stock-specific research that the bank offers to other clients.

Related Content