Black Friday Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

IAPP CIPM Questions Answers

Page: 5 / 14
Total 180 questions

Certified Information Privacy Manager (CIPM) Questions and Answers

Question 17

SCENARIO

Please use the following to answer the next QUESTION:

Perhaps Jack Kelly should have stayed in the U.S. He enjoys a formidable reputation inside the company, Special Handling Shipping, for his work in reforming certain "rogue" offices. Last year, news broke that a police sting operation had revealed a drug ring operating in the Providence, Rhode Island office in the United States. Video from the office's video surveillance cameras leaked to news operations showed a drug exchange between Special Handling staff and undercover officers.

In the wake of this incident, Kelly had been sent to Providence to change the "hands off" culture that upper management believed had let the criminal elements conduct their illicit transactions. After a few weeks under Kelly's direction, the office became a model of efficiency and customer service. Kelly monitored his workers' activities using the same cameras that had recorded the illegal conduct of their former co-workers.

Now Kelly has been charged with turning around the office in Cork, Ireland, another trouble spot. The company has received numerous reports of the staff leaving the office unattended. When Kelly arrived, he found that even when present, the staff often spent their days socializing or conducting personal business on their mobile phones. Again, he observed their behaviors using surveillance cameras. He issued written reprimands to six staff members based on the first day of video alone.

Much to Kelly's surprise and chagrin, he and the company are now under investigation by the Data Protection Commissioner of Ireland for allegedly violating the privacy rights of employees. Kelly was told that the

company's license for the cameras listed facility security as their main use, but he does not know why this matters. He has pointed out to his superiors that the company's training programs on privacy protection and data collection mention nothing about surveillance video.

You are a privacy protection consultant, hired by the company to assess this incident, report on the legal and compliance issues, and recommend next steps.

What should you advise this company regarding the status of security cameras at their offices in the United States?

Options:

A.

Add security cameras at facilities that are now without them.

B.

Set policies about the purpose and use of the security cameras.

C.

Reduce the number of security cameras located inside the building.

D.

Restrict access to surveillance video taken by the security cameras and destroy the recordings after a designated period of time.

Question 18

Under the General Data Protection Regulation (GDPR), what are the obligations of a processor that engages a sub-processor?

Options:

A.

The processor must give the controller prior written notice and perform a preliminary audit of the sub-processor.

B.

The processor must Obtain the controllers specifiC written authorization and provide annual reports on the sub-processor'S performance.

C.

The processor must receive a written agreement that the sub-processor will be fully liable to the controller for the performance of its obligations in relation to the personal data concerned.

D.

The processor must obtain the consent of the controller and ensure the sub-processor complies with data processing obligations that are equivalent to those that apply to the processor.

Question 19

What does it mean to “rationalize” data protection requirements?

Options:

A.

Evaluate the costs and risks of applicable laws and regulations and address those that have the greatest penalties

B.

Look for overlaps in laws and regulations from which a common solution can be developed

C.

Determine where laws and regulations are redundant in order to eliminate some from requiring compliance

D.

Address the less stringent laws and regulations, and inform stakeholders why they are applicable

Question 20

What is the name for the privacy strategy model that describes delegated decision making?

Options:

A.

De-centralized.

B.

De-functionalized.

C.

Hybrid.

D.

Matrix.

Page: 5 / 14
Total 180 questions