Ch. 12 - Workplace Privacy Quiz Flashcards
Which of the following is not a key attribute of security?
A. Confidentiality
B. Integrity
C. Delivery
D. Availability
C. Delivery
Which type of security controls can be considered in developing a security strategy?
A. Physical, administrative, technical
B. Practice, reactive, distortive
C. Detective, cumulative, reactive
D. Physical, cosmetic, digital
A. Physical, administrative, technical. In the context of security. The controls are most often physical, administrative, technical
What is the best fitting description of a data breach?
A break into security measures resulting in the unauthorized access of data for a breach, just remember that something must have gone wrong either malicious or incidental, where something didn’t work the way it should have worked (w/ exception depending on the definitions in the specific legislation.
When a consent decree is published, what has happened?
The FTC and the other party entered in an agreement to stop a certain conduct, and the information is published for other organizations to see.
How can the Federal Trade Commission be best described?
A part of the executive branch w/ rulemaking powers
Selfie Shenanigans is planning to implement its newest feature in US (only). It will analyze all uploaded photos for visible signs of health issues. The data is sold to the user’s health insurer which law would least possibly be broken?
A. HIPAA
B. Children’s Online Privacy Protection Act
C. GDPR
D. HITECH
C. GDPR only applies to Europe this was in the US only
Selfie Shenanigans. You find out the website has a privacy notice that is shown before users sign up. What needs to happen?
A check whether the new practice is allowed for, according to the privacy notice, needs to be performed
For which law does the FTC have specific authority?
A. GDPR
B. Children’s Online Privacy Protection Act
C. The APEC Privacy Framework
D. Fair Information Practices
B. Children’s Online Privacy Protection Act. Only US law, otherwise Fair Information Practices are mentioned.
What safeguard is often put in place by researchers when using medical data for research?
The data is de-identified. De-identification lowers the risk of recognition.
To what kind of institutions does the Family Educational Rights and Privacy Act apply?
Educational institutions that receive federal funding
Which type of information is still allowed to be disclosed under the Family Educational Right & Privacy Act?
A. Grade point average
B. Directory information
C. Home address students
D. Health insurance coverage
B. Directory information - is allowed to be disclosed. Whether the other three fall under FERPA can be debatable perhaps to some extent
Due to the 2007 revisions to the Federal Rules of Civil Procedures what is now required?
Redacting sensitive personal information
Which of the following is not required of a subpoena according to the Federal Rule of Civil Procedure 45?
A. State the court from which it is issued
B. State the title of the action and its civil action number
C. Take photographic evidence of the receipt of the subpoena
D. Mention a person’s right to challenge or modify the subpoena
C. Take photographic evidence of the subpoena, A, B, and D are explicitly required
How can courts prohibit the disclosure of personal information used or generated in litigation?
A. The court can issue a protective order
B. The court can issue a restrictive order
C. The court can issue a reactive order
D. The court can issue a national security letter
A. The court can issue a protective order
In 2016 the FBI was quarreling with Apple. What was the quarrel about?
A. new firmware slowing down phones
B. helping gain access to the data on a seized phone
C. the tablets in the Federal Bureau of Investigation’s office could not fit the micro-SD required for the investigation
D. a cloud security breach exposing pictures of celebrities
B. Helping gain access to the data on a seized phone
Which of the following is most accurate regarding workplace privacy?
A. Workplace privacy is the same in every state
B. US privacy protection at the workplace is the strictest in the world
C. Workers have a high level of influence in workplace practices
D. There is no law that covers privacy specifically
D. There is no law that covers privacy specifically
Which of the following is not a source of protection for employees?
A. State labor laws
B. Contract and tort law
C. Overarching employment privacy law
D. Certain federal laws
C. Overarching employment privacy laws
What is the most accurate comparison between US and EU workplace privacy?
A. the US inspired the EU legislation
B. the EU has no law that is applicable to the workplace
C. the US had cubicles, whereas in the EU cubicles are forbidden because of privacy concerns
D. EU employees data falls under the scope of the General Data Protection Regulation and offers more protection
D. EU employees data falls under the scope of the General Data Protection Regulation and offers more protection
What can be said about the constitution’s Fourth Amendment?
A. it provides protection from employers
B. it provides protection from government employers
C. it doesn’t concern privacy
D. it only protects against the king of England
B. it provides protection from government employers
In the US, it is employment at will. What is the consequence of this?
A. all legislation is rendered invalid
B. you can buy privacy
C. many aspects, covered by laws in other continents, are at the discretion of the employer
D. employees have no rights
C. many aspects, covered by laws in other continents, are at the discretion of the employer
Which of the following is not tort that can be relied on as an employee in a privacy case?
A. intrusion upon seclusion
B. publicity given to private life
C. defamation
D. intellectual property
D. intellectual property
Of the following laws, which does not have employment privacy implications?
A. The Children’s Online Privacy Protection Act
B. The Employee Retirement Income Security Act
C. HIPAA
D. The Fair Labor Standards Act
A. The Children’s Online Privacy Protection Act
At which state of employment do employers need to take into account workplace privacy considerations
A. before employment
B. before, during, and after employment
C. during employment
D. after employment
B. before, during, and after employment
What is true about Bring Your Own Device policies?
A. only company-issued equipment is allowed to be used
B. it brings along security risks and requires reconsideration of the level of monitoring
C. employees surrender their data when a Bring Your Own Device policy is in place
D. Bring Your Own Device practices are illegal
B. it brings along security risks and requires reconsideration of the level of monitoring
Which of the following is not a source of protection for employees?
A. State labor laws
B. Contract and tort law
C. Overarching employment privacy law
D. Certain federal laws
Job candidate background screenings are required for what types of jobs? Select all that apply.
A. Those who work with children
B. Those who work with the elderly
C. Those who work with students (this is a little confusing—what if the students are children under a certain age?
D. Those who work with disabled individuals