Ch. 3 Quiz Fed and State Regulators Enforcement Quiz Flashcards
Sanctions and fines were imposed by the FTC on the following company for failure to evidence appropriate privacy training to employees:
A. Wells Fargo
B. Guess Jeans
C. Eli Lilly
D. Amazon.com
C. Eli Lilly
What privacy rules did the FTC accuse Gateway Learning of violating?
A. sharing customer information with third parties, as explained in its privacy policies
B. sharing customer information with third parties, against its privacy policies
C. sharing customer information without customer permission
D. videotaping customers in private areas
B. sharing customer information with third parties, against its privacy policies
C. sharing customer information without customer permission
In a settlement with the FTC, Gateway Learning was required to:
A. cease misrepresenting how it will use consumer information
B. pay back the money earned by renting consumer information
C. stop applying changes to its privacy policy retroactively
D. close down for business
A. cease misrepresenting how it will use consumer information
B. pay back the money earned by renting consumer information
C. stop applying changes to its privacy policy retroactively
What was the issue in the Designerware, LLC case?
A. the leaking of a large amount of credit card numbers
B. key loggers, unexpected screenshots and photographs
C. a break-in on one of the servers that stored social security numbers
D. unauthorized disclosure of collected sensitive data
B. key loggers, unexpected screenshots and photographs
Which authority supervises and enforces laws regarding advertising to children via the Internet?
A. The Office for Civil Rights
B. The Federal Trade Commission
C. The Federal Communications Commission
D. The Department of Homeland Security
According to Section 5 of the FTC Act, self-regulation primarily involves a company’s right to do what?
A. Determine which bodies will be involved in adjudication
B. Decide if any enforcement actions are justified
C. Adhere to its industry’s code of conduct
D. Appeal decisions made against it
Which was NOT one of the five priority areas listed by the Federal Trade Commission in its 2012 report, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers”?
A. International data transfers
B. Large platform providers
C. Promoting enforceable self-regulatory codes
D. Do Not Track
The “Consumer Privacy Bill of Rights” presented in a 2012 Obama administration report is generally based on?
A. The 1974 Privacy Act
B. Common law principles
C. European Union Directive
D. Traditional fair information practices
Which federal agency is the most visible proponent of privacy concerns in the U.S.?
A. Department of Commerce (DOC)
B. Department of Homeland Security (DHS)
C. Office for Civil Rights (HHS)
D. Federal Trade Commission (FTC)
D. Federal Trade Commission (FTC)
During which decade did the FTC’s perspective evolve into a harm-based model?
A. 1980s
B. 1990s
C. 2000s
D. 2010s
C. 2000s
This is any data connected with an individual:
A. personally identifiable information
B. personal data
C. data records
D. information
z
This is a legal document stating an entity’s practices regarding use and disclosure of personal information.
A. notification
B. mission statement
C. privacy statement
D. personal data objective
C. privacy statement
?
Which of the following are privacy seal programs?
A. TRUSTe
B. BBBonline
C. phishing
D. Webtrust
A. TRUSTe
According to the FTC Report of 2012, what is the main goal of Privacy by Design?
A. Obtaining consumer consent when collecting sensitive data for certain purposes
B. Establishing a system of self-regulatory codes for mobile-related services
C. Incorporating privacy protections throughout the development process
D. Implementing a system of standardization for privacy notices
C. Incorporating privacy protections throughout the development process
Reference: https://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf
What is a legal document approved by a judge that formalizes an agreement between a governmental agency and an adverse party called?
A. A consent decree
B. Stare decisis decree
C. A judgment rider
D. Common law judgment
A. A consent decree
The “Consumer Privacy Bill of Rights” presented in a 2012 Obama administration report is generally based on?
A. The 1974 Privacy Act
B. Common law principles
C. European Union Directive
D. Traditional fair information practices
C. European Union Directive
Which was NOT one of the five priority areas listed by the Federal Trade Commission in its 2012 report, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers”?
A. International data transfers
B. Large platform providers
C. Promoting enforceable self-regulatory codes
D. Do Not Track
A. International data transfers
According to Section 5 of the FTC Act, self-regulation primarily involves a company’s right to do what?
A. Determine which bodies will be involved in adjudication
B. Decide if any enforcement actions are justified
C. Adhere to its industry’s code of conduct
D. Appeal decisions made against it
A. Determine which bodies will be involved in adjudication
In 1991, the Federal Sentencing Guidelines formalized a rule that requires senior executives to take personal responsibility for information security matters. What is the name of this rule?
A. Due diligence rule
B. Personal liability rule
C. Prudent man rule
D. Due process rule
?
Which of the following BEST describes the FTC’s guidance in a 2012 report and 2015 update for making material retroactive changes to privacy policies?
a. Notify affected consumers, and allow 60 days for an opt-out
b. Notify affected consumers, and provide a mail-in opt-out notice
c. Obtain express affirmative consent (opt-in) prior to making the change
d. None of the above
c. Obtain express affirmative consent (opt-in) prior to making the change
Which of the following agencies is not responsible for privacy enforcement?
A. The FTC
B. Department of Education
C. FCC
D. Certain agencies of the executive branch
B. Department of Education
What is true of the FTC?
A. The FTC is an independent agency
B. The FTC falls under direct control of the president
C. The FTC focuses solely on privacy
D. The FTC focuses solely on security
A. The FTC is an independent agency
When is a data breach to be reported?
A. above 200 persons
B. above 100 persons
C. if minors are involved
D. depends on the state and breach size
D. depends on the state and breach size
Is ransomware a data breach?
A. always
B. never
C. depends on whether unauthorized access has been established
D. not if the information was backed up
C. depends on whether unauthorized access has been established
Ransomware (a type of malware):
(1) locks a user’s operating system, restricting the user’s access to their data and/or device, or
(2) encrypts the data so that the user is prevented from accessing his or her files
If an agency has authority, there are two types of authority that agency can have. Which type of authority does the FTC have?
A. general authority
B. specific authority
C. general authority as well as specific authority
D. operational authority
C. general authority as well as specific authority
For which law does the FTC have specific authority?
A. GDPR
B. Children’s Online Privacy Protection Act
C. The APEC Privacy Framework
D. Fair Information Practices
B. Children’s Online Privacy Protection Act. Only US law, otherwise Fair Information Practices are mentioned.
This US office enforces a number of different consumer protection, anti-trust, and privacy laws. It fights to prevent fraud and promote competitive markets:
A. the US Data Commissioner’s Office
B. the Consumer Protection Agency
C. the Department of Justice
D. the Federal Trade Commission
D. the Federal Trade Commission
Which authorities oversee privacy-related issues in the U.S.? Select all that apply.
A. The Federal Trade Commission (FTC)
B. State attorneys general
C. The national data protection authority
D. Federal financial regulators
A. The Federal Trade Commission (FTC)
B. State attorneys general
D. Federal financial regulators
List additional high-profile FTC consent decrees.
• Eli Lilly and Company (2002)
• Nomi (2005)
• DesignerWare (2013)
• LabMD (2013)