Full Access IAPP CIPP-US Tutorials

Certified Information Privacy Professional/United States (CIPP/US) Questions and Answers

Question 25

What was the original purpose of the Foreign Intelligence Surveillance Act?

Options:

To further define what information can reasonably be under surveillance in public places under the USA PATRIOT Act, such as Internet access in public libraries.

To further clarify a reasonable expectation of privacy stemming from the Katz v. United States decision.

To further define a framework for authorizing wiretaps by the executive branch for national security purposes under Article II of the Constitution.

To further clarify when a warrant is not required for a wiretap performed internally by the telephone company outside the suspect’s home, stemming from the Olmstead v. United States decision.

Question 26

What was the original purpose of the Federal Trade Commission Act?

Options:

To ensure privacy rights of U.S. citizens

To protect consumers

To enforce antitrust laws

To negotiate consent decrees with companies violating personal privacy

Answer:

Explanation:

The Federal Trade Commission Act (FTCA) was adopted in 1914 as part of the Progressive Era reforms that aimed to curb the power and influence of monopolies and trusts in the U.S. economy. The FTCA created the Federal Trade Commission (FTC) as an independent agency to investigate and prevent unfairmethods of competition and unfair or deceptive acts or practices in or affecting commerce. The FTCA also gave the FTC the authority to issue cease and desist orders, seek injunctions, and impose civil penalties for violations of the law. The FTCA was intended to complement and supplement the existing antitrust laws, such as the Sherman Act and the Clayton Act, that prohibited restraints of trade, price-fixing, mergers, and other anticompetitive conduct.

The other options are not correct, because:

The FTCA did not explicitly address privacy rights of U.S. citizens, although the FTC later used its authority under the FTCA to enforce against unfair or deceptive privacy practices, such as making false or misleading claims, failing to disclose material information, or violating consumers’ choices or expectations regarding their personal data.

The FTCA did not specifically focus on consumer protection, although the FTC later expanded its scope to include consumer protection issues, such as advertising and marketing, credit and finance, privacy and security, and consumer education. The FTC also enforced other consumer protection laws, such as the Truth in Lending Act, the Fair Credit Reporting Act, the Children’s Online Privacy Protection Act, and the CAN-SPAM Act.

The FTCA did not authorize the FTC to negotiate consent decrees with companies violating personal privacy, although the FTC later used consent decrees as a common tool to settle privacy cases and impose remedial measures, such as audits, reports, and compliance programs. Consent decrees are agreements between the FTC and the parties involved in a case that resolve the FTC’s charges without admitting liability or wrongdoing.

References:

FTC website, Federal Trade Commission Act

Britannica website, Federal Trade Commission Act (FTCA)

IAPP CIPP/US Study Guide, Chapter 1: Introduction to the U.S. Privacy Environment, pp. 11-12

IAPP website, Federal Trade Commission Act, Section 5 of

Question 27

Even when dealing with an organization subject to the CCPA, California residents are NOT legally entitled to request that the organization do what?

Options:

Delete their personal information.

Correct their personal information.

Disclose their personal information to them.

Refrain from selling their personal information to third parties.

Question 28

SCENARIO

Please use the following to answer the next QUESTION:

A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer’s data handling practices.

The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her withdrawal of consent and request for erasure of her personal data. Your organization, the US-based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: “Please act immediately by identifying all personal data received from our company.”

This is an important partnership. Company executives know that its biggest fans come from Western Europe; and this retailer is primarily responsible for the startup’s rapid market penetration.

As the Company’s data privacy leader, you are sensitive to the criticality of the relationship with the retailer.

Under the GDPR, the complainant’s request regarding her personal information is known as what?

Options:

Right of Access

Right of Removal

Right of Rectification

Right to Be Forgotten

Winter Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Certified Information Privacy Professional/United States (CIPP/US) Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce