Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CIPP/US > Ch 3 - Fed & State Regulators > Flashcards

Ch 3 - Fed & State Regulators Flashcards

You may prefer our related Brainscape-certified flashcards:
U.S. Geography flashcards
1
Q

Which of the following is an attribute of the FTC?

a. Governed by a chairperson and four other commissioners
b. Independent, not under the President’s control
c. Authority to enforce unfair and deceptive trade practices
d. All of the above

A

d. All of the above

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which of the following is not an attribute of the FTC?

a. Governed by a chairperson and four other commissioners
b. Governed by Congress
c. Statutory responsibility for COPPA and CAN SPAM
d. All of the above are attributes

A

b. Governed by Congress

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which of the following is a main category of legal action?

a. Civil litigation
b. Legislation
c. Torts
d. None of the above

A

a. Civil litigation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following is not a main category of legal action?

a. Criminal litigation
b. Administrative enforcement
c. Legislation
d. All of the above

A

c. Legislation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which of the following is an attribute of civil litigation?

a. One person sues another person to redress a wrong
b. Monetary judgment is often sought
c. Plaintiff may seek an injunction
d. All of the above

A

d. All of the above

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

An injunction is a:

a. Civil right of action
b. Lawsuit for invasion of privacy
c. Court order mandating that certain behaviors cease
d. None of the above

A

c. Court order mandating that certain behaviors cease

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A common type of civil litigation includes:

a. Government enforcement actions
b. Torts
c. State mandates
d. All of the above

A

b. Torts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which of the following is an attribute of criminal litigation?

a. Lawsuits are brought by a government
b. Involves violations of criminal laws
c. May lead to imprisonment or criminal fines
d. All of the above

A

d. All of the above

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following is not an attribute of criminal litigation?

a. Typically involves a consent decree
b. Lawsuits are brought by a government
c. May lead to imprisonment or criminal fines
d. All of the above are attributes of criminal litigation

A

a. Typically involves a consent decree

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which federal agency prosecutes violations of criminal law?

a. FTC
b. DOC
c. DOJ
d. Only a and c

A

c. DOJ (Dept of Justice)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which agency prosecutes criminal violations of state law?

a. State Attorney General
b. Department of Justice
c. District Attorney
d. Only a and c

A

d. Only a and c

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which of the following is an attribute of administrative enforcement actions?

a. Carried out by a state agency
b. Governed by rules in the APA
c. Cases are heard by a municipal court
d. All of the above

A

b. Governed by rules in the APA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which of the following is true about the Administrative Procedure Act?

a. Governs how hearings are conducted in state courts
b. Allows state agencies to sue a party in federal court
c. Sets forth rules for adjudication within a federal agency
d. Only b and c

A

c. Sets forth rules for adjudication within a federal agency

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which of the following best describes adjudication?

a. A formal judgment on a disputed matter
b. Legal research performed prior to discovery
c. Administration of a guilty verdict
d. Empowerment by the President to make judgments

A

a. A formal judgment on a disputed matter

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the following federal agencies is primarily responsible for privacy enforcement?

a. DOJ
b. FCC
c. FTC
d. Only b and c

A

d. Only b and c

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Which of the following federal agencies is actively involved in international negotiations with multinational groups such as the OECD and United Nations?

a. Dept of Commerce
b. Dept of State
c. Dept of Homeland Security
d. Only a and c

A

b. Dept of State

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which of the following federal agencies administers the Privacy Shield Framework between the US and the EU?

a. Dept of Commerce
b. Dept of State
c. Federal Trade Commission
d. None of the above

A

a. Dept of Commerce

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Which of the following federal agencies has primary responsibility for enforcement related to privacy and security issues of drones and connected cars?

a. Dept of Commerce
b. Dept of State
c. Dept of Homeland Security
d. Dept of Transportation

A

d. Dept of Transportation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which of the following federal agencies issues guidance on the Privacy Act of 1974 to other federal agencies and their contractors, including privacy and information security issues, such as data breach disclosure and privacy impact assessments?

a. Federal Trade Commission
b. Dept of Commerce
c. Office of Management and Budget
d. None of the above

A

c. Office of Management and Budget

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Which of the following federal agencies is subject to privacy rules specifically regarding the disclosure of tax records?

a. Dept of Commerce
b. Internal Revenue Service
c. Office of Management and Budget
d. All of the above

A

b. Internal Revenue Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which of the following is a bureau of the Department of Treasury?

a. Internal Revenue Service
b. Financial Crimes Enforcement Network
c. Office of Management and Budget
d. Only a and b

A

d. Only a and b

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Which of the following federal agencies is actively involved in enforcement of rules related to the E-Verify program for new employees, immigration, and air travel records?

a. Dept of Commerce
b. Dept of State
c. Dept of Homeland Security
d. Only a and c

A

c. Dept of Homeland Security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Which of the following is an operational or support component of the Department of Homeland Security?

a. Transportation Security Administration
b. Financial Crimes Enforcement Network
c. Department of Immigration
d. Only a and c

A

a. Transportation Security Administration

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Which of the following is an operational or support component of the Department of Homeland Security?

a. Bureau of Transportation Security
b. Financial Crimes Enforcement Network
c. Immigration Customs Enforcement
d. Only a and c

A

c. Immigration Customs Enforcement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Which of the following is an example of an emerging technology that has increased the involvement of the Dept of Energy in addressing privacy issues:

a. Smart grid
b. Drones
c. Smart cars
d. All of the above

A

a. Smart grid

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Section 5 of the FTC Act is also known as:

a. Unfair or Deceptive Acts or Practices
b. Unfair, Deceptive, or Abusive Acts or Practices
c. Both a and b
d. None of the above

A

a. Unfair or Deceptive Acts and Practices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Section 5 of the FTC Act applies to those acts performed by

a. Non-Profit Corporations
b. Businesses
c. Federally regulated financial institutions
d. Transportation services

A

b. Businesses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Since the creation of the CFPB, the FTC shares responsibility for enforcement of which of the following with the CFPB?

a. Fair Credit Reporting Act
b. Children’s Online Privacy Protection Act
c. Gramm-Leach Bliley Act
d. Only a and c

A

d. Only a and c

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Since the creation of the CFPB, the FTC shares responsibility for enforcement of which of the following with the CFPB?

a. Federally regulated communications services carriers
b. Federally insured financial institutions
c. Financial institutions not covered by a separate financial regulator
d. Only a and c

A

c. Financial institutions not covered by a separate financial regulator

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

When the FTC alleges UDAP violations due to a data breach caused by poor information security practices, which act governs procedural rules to be followed for the alleged violation?

a. Magnuson-Moss Warranty Act
b. Administrative Procedure Act
c. American Procedural Act
d. None of the above

A

a. Magnuson-Moss Warranty Act

31
Q

During an investigation, the FTC may:

a. Subpoena witnesses
b. Demand civil investigation
c. Require businesses to submit reports
d. All of the above

A

d. All of the above

32
Q

After the FTC issues a complaint and moves forward with an administrative trial, an Administrative Law Judge may:

a. Investigate the alleged violation
b. Prohibit the company from continuing the alleged violation
c. Subpoena records
d. All of the above

A

b. Prohibit the company from continuing the alleged violation

33
Q

The decision of an Administrative Law Judge may be appealed to:

a. The five FTC commissioners
b. Supreme Court
c. Federal District Court
d. Only a and c

A

d. Only a and c

34
Q

The biggest incentive for a company to negotiate a consent decree with the FTC rather than go through full adjudication is:

a. Inclusion on the FTC’s best companies list
b. Free advertising on the FTC’s enforcement actions web page
c. It avoids exposure of its business practices to the public
d. All of the above

A

c. It avoids exposure of its business practices to the public

35
Q

The biggest incentive for the FTC to negotiate a consent decree with a business rather than go through full adjudication is:

a. Avoids expense and time of a trial
b. Easier to assess monetary fines if business does not comply with decree
c. Requires business to incorporate good privacy and security practices
d. All of the above

A

d. All of the above

36
Q

The Bureau of Consumer Protection’s roles and responsibilities include:

a. A functional unit of the Federal Trade Commission
b. Protecting consumers against unfair, deceptive, or fraudulent practices
c. Collecting complaints from consumers, conducting investigations, developing rules, and educating consumers
d. All of the above

A

d. All of the above

37
Q

An order by the FTC becomes final after:

a. 60 days from the date it is served
b. 30 days from the date it is served
c. 90 days from the date it is served
d. None of the above

A

a. 60 days from the date it is served

38
Q

Important federal guidance on the issue of consumer privacy was published in the report:

a. 2012 White House Report
b. Protecting Consumer Privacy in an Era of Rapid Change
c. Business Guide to Increasing Consumer Privacy
d. Only a and b

A

d. Only a and b

39
Q

Three of the seven Consumer Privacy Bill of Rights from the 2012 White House Report include:

a. Individual Control, Transparency, and Respect for Context
b. Access, Collection, and Security
c. Respect, Security, and Focus on Collection
d. None of the above

A

a. Individual Control, Transparency, and Respect for Context

40
Q

Three of the seven Consumer Privacy Bill of Rights from the 2012 White House Report include:

a. Control, Focus, and Retention
b. Access, Collection, and Security
c. Security, Access and Accuracy, and Focused Collection
d. None of the above

A

c. Security, Access and Accuracy, and Focused Collection

41
Q

Three of the seven Consumer Privacy Bill of Rights from the 2012 White House Report include:

a. Control, Focus, and Retention
b. Access, Collection, and Security
c. Access and Accuracy, Focused Collection, and Accountability
d. None of the above

A

c. Access and Accuracy, Focused Collection, and Accountability

42
Q

Which of the following is not a category of the Consumer Privacy Bill of Rights from the 2012 White House Report?

a. Individual Control
b. Focused Retention
c. Security
d. Accountability

A

b. Focused Retention

43
Q

The FTC Report, Protecting Consumer Privacy in an Era of Rapid Change, emphasizes the following areas:

a. Privacy by design
b. Simplified consumer choice
c. Transparency
d. All of the above

A

d. All of the above

44
Q

Three of the five priority areas for attention in the FTC Report include:

a. Do Not Track mechanism, mobile, data brokers
b. Mobile, third-party vendors, and small businesses
c. Data brokers, large platform providers, and promotion of enforceable self-regulatory codes
d. Only a and c

A

d. Only a and c

45
Q

In the 2015 Privacy and Data Security Update, which of the following is one of the five principles of reasonable data security practices for companies?

a. Awareness of consumer data they have processed, and who has accessed it
b. Awareness of consumer data they possess, and who has legitimate access to it
c. Awareness of consumer data they have processed, and how long it should be retained
d. None of the above

A

b. Awareness of consumer data they possess, and who has legitimate access to it

46
Q

In the 2015 Privacy and Data Security Update, which of the following is one of the five principles of reasonable data security practices for companies?

a. Limit the information collected and maintained for legitimate business purposes
b. Limit the information collected and retain for upcoming products
c. Limit the information collected to that needed for future business needs
d. None of the above

A

a. Limit the information collected and maintained for legitimate business

47
Q

In the 2015 Privacy and Data Security Update, which of the following is one of the five principles of reasonable data security practices for companies?

a. Protect consumer data through specific types of encryption
b. Protect consumer data through only allowing management to access data
c. Protect consumer data through performing risk assessments and implementing information security procedures
d. None of the above

A

c. Protect consumer data through performing risk assessments and implementing information security procedures

48
Q

In the 2015 Privacy and Data Security Update, which of the following is one of the five principles of reasonable data security practices for companies?

a. Properly dispose of data after use for future product development
b. Properly dispose of data that is no longer needed
c. Properly dispose of data each time it is used, and request new data from consumer
d. None of the above

A

b. Properly dispose of data that is no longer needed

49
Q

In the 2015 Privacy and Data Security Update, which of the following is one of the five principles of reasonable data security practices for companies?

a. Ensure a plan is in place for responding to security incidents within 7 days of discovery
b. Ensure a plan is in place for responding to customers by phone in the event of a security incident
c. Ensure a plan is in place for responding to security incidents
d. None of the above

A

c. Ensure a plan is in place for responding to security incidents

50
Q

State UDAP laws generally cover unfair and deceptive practices, and some states cover unconscionable practices, which is a legal term that describes:

a. Harsh seller practices
b. Uncommon buyer complaints
c. Practices that make consumers feel uneasy
d. Only a and c

A

a. Harsh seller practices

51
Q

State UDAP laws are generally enforced by:

a. District Attorneys
b. U. S. Attorney’s Office
c. State Attorneys General
d. All of the above

A

c. State Attorneys General

52
Q

Some regulations allow both federal and state agencies to work together on enforcement actions, and may also permit:

a. Community litigation
b. Private right of action
c. Personal right of action
d. None of the above

A

b. Private right of action

53
Q

Which state enacted the first data breach law?

a. Oregon in 2001
b. California in 2002
c. New York in 2002
d. Colorado in 2001

A

b. California in 2002

54
Q

State data breach laws often give enforcement authority to State Attorneys General when:

a. Security controls have been found to be inadequate
b. More than 500 consumers were impacted
c. Three factor encryption methods were not used
d. Only a and c

A

a. Security controls have been found to be inadequate

55
Q

State common law generally allows privacy enforcement through plaintiffs filing lawsuits under:

a. Privacy torts
b. Contract theory
c. Encryption laws
d. Only a and b

A

d. Only a and b

56
Q

Privacy torts typically include:

a. Intrusion upon seclusion
b. Appropriation of name or likeness
c. Publicity given to private life
d. All of the above

A

d. All of the above

57
Q

Which state created a Privacy Task Force that successfully negotiated an agreement with application platform providers for standardization of easily understandable privacy permissions?

a. California
b. Oregon
c. Washington
d. Colorado

A

a. California

58
Q

The National Association of Attorneys General Consumer Protection Project works to:

a. Improve enforcement of state and federal consumer protection laws
b. Support multistate consumer protection enforcement
c. Promotes information exchange regarding investigations, litigation, consumer education, and federal and state legislation
d. All of the above

A

d. All of the above

59
Q

Similar to government regulation, self-regulation may occur through the three separation-of-powers

a. Litigation, enforcement, and adjudication
b. Legislation, enforcement, and adjudication
c. Legislation, enforcement, and consent decree
d. None of the above

A

b. Legislation, enforcement, and adjudication

60
Q

In a self-regulation model, legislation may include:

a. Company policies based on performance guidelines
b. Company policies based on central government guidelines
c. Company policies based on industry guidance
d. Only a and c

A

c. Company policies based on industry guidance

61
Q

Self-regulation models allow for:

a. Non-government entities to fill legislation, enforcement, and adjudication roles
b. A mixture of government and non-government entities to fill legislation, enforcement, and adjudication roles
c. Only government entities to fill legislation, enforcement, and adjudication roles
d. Only a and b

A

d. Only a and b

62
Q

For enforcement of Section 5 of the FTC Act, self-regulation occurs at the:

a. Legislation stage
b. Enforcement stage
c. Adjudication stage
d. All of the above

A

a. Legislation stage

63
Q

In a third-party seal and certification program, such as TrustArc, self-regulation occurs at the:

a. Legislation stage
b. Enforcement stage
c. Adjudication stage
d. All of the above

A

d. All of the above

64
Q

Which of the following is an argument of supporters of self-regulation?

a. Privacy is a human right which requires oversight by the federal government
b. Most people are not concerned about privacy issues so little oversight is needed
c. Industry has greater expertise about how their systems operate, and should be actively involved in creation and enforcement of privacy laws
d. All of the above

A

c. Industry has greater expertise about how their systems operate, and should be actively involved in creation and enforcement of privacy laws

65
Q

The 2012 White House Report supported:

a. Involvement of industry stakeholders
b. Facilitation by Department of Commerce
c. Engagement of consumer groups
d. All of the above

A

d. All of the above

66
Q

Best practices recommended by the National Telecommunications and Information Administration (NTIA) regarding privacy, transparency, and accountability issues for drones include:

a. Inform others of use of drone
b. Secure, and limit the use and sharing of data
c. Monitor and comply with federal, state and local laws related to use of drones
d. All of the above

A

d. All of the above

67
Q

Major problems with cross-border data transfers include:

a. Cooperation between enforcement agencies
b. Conflicts between privacy and disclosure laws
c. Cross-border enforcement
d. All of the above

A

d. All of the above

68
Q

The OECD’s 2007 Recommendation on Cross-Border Co-operation in the Enforcement of Laws Protecting Privacy primarily focuses on:

a. Differences in privacy law and enforcement on a country by country basis
b. Common privacy enforcement issues in the U.S. and the EU
c. Common privacy issues on a global scale
d. Only a and b

A

c. Common privacy issues on a global scale

69
Q

The OECD’s 2007 Recommendation on Cross-Border Co-operation in the Enforcement of Laws Protecting Privacy includes:

a. Sharing best practices for cross-border challenges
b. Developing shared enforcement priorities
c. Supporting joint enforcement initiatives and awareness campaigns
d. All of the above

A

d. All of the above

70
Q

In 2010, in response to the OECD’s Recommendation on Cross-Border Co-operation, the FTC along with global enforcement authorities created the

a. Global Privacy Enforcement Network (GPEN)
b. Asia-Pacific Economic Cooperation Network (APECN)
c. Cross-border Privacy Enforcement Arrangement (CPEA)
d. None of the above

A

a. Global Privacy Enforcement Network (GPEN)

71
Q

The goal of the APEC Cross-border Privacy Enforcement Arrangement (CPEA) is to

a. Allow members to share information about evidence from investigations and enforcement actions in the Asia-Pacific region
b. Facilitate cooperation and communication between members and non-members
c. Create awareness campaigns
d. Only a and b

A

d. Only a and b

72
Q

Privacy laws in the U.S. and the EU generally

a. Have different rules for disclosure of personal information
b. Have very similar rules for disclosure of personal information
c. Have the exact same rules for disclosure of personal information
d. Do not address the disclosure of personal information

A

a. Have different rules for disclosure of personal information

73
Q

In 2012, the policy statement, Cross-border Law Enforcement Access to Company Data – Current Issues under Data Protection and Privacy Laws, was released by the

a. Asia-Pacific Economic Cooperation Network
b. Global Privacy Enforcement Network
c. International Chamber of Commerce
d. None of the above

A

c. International Chamber of Commerce

74
Q

The policy statement, Cross-border Law Enforcement Access to Company Data – Current Issues under Data Protection and Privacy Laws, released in 2012 by the International Chamber of Commerce, addresses

a. Problems that arise when legal requirements conflict with data protection and privacy commitments
b. Analysis of issues related to the conflict between legal requirements and data protection and privacy commitments
c. Recommendations for law enforcement dealing with a conflict between legal requirements and data protection and privacy commitments
d. All of the above

A

d. All of the above

CIPP/US (14 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions