Ch. 3 Quiz Fed and State Regulators Enforcement Quiz

Question 1

Sanctions and fines were imposed by the FTC on the following company for failure to evidence appropriate privacy training to employees:

A. Wells Fargo
B. Guess Jeans
C. Eli Lilly
D. Amazon.com

Answer 1

C. Eli Lilly

Question 2

What privacy rules did the FTC accuse Gateway Learning of violating?

A. sharing customer information with third parties, as explained in its privacy policies
B. sharing customer information with third parties, against its privacy policies
C. sharing customer information without customer permission
D. videotaping customers in private areas

Answer 2

B. sharing customer information with third parties, against its privacy policies
C. sharing customer information without customer permission

Question 3

In a settlement with the FTC, Gateway Learning was required to:

A. cease misrepresenting how it will use consumer information
B. pay back the money earned by renting consumer information
C. stop applying changes to its privacy policy retroactively
D. close down for business

Answer 3

A. cease misrepresenting how it will use consumer information
B. pay back the money earned by renting consumer information
C. stop applying changes to its privacy policy retroactively

Question 4

What was the issue in the Designerware, LLC case?

A. the leaking of a large amount of credit card numbers
B. key loggers, unexpected screenshots and photographs
C. a break-in on one of the servers that stored social security numbers
D. unauthorized disclosure of collected sensitive data

Answer 4

B. key loggers, unexpected screenshots and photographs

Question 5

Which authority supervises and enforces laws regarding advertising to children via the Internet?

A. The Office for Civil Rights
B. The Federal Trade Commission
C. The Federal Communications Commission
D. The Department of Homeland Security

Question 6

According to Section 5 of the FTC Act, self-regulation primarily involves a company’s right to do what?

A. Determine which bodies will be involved in adjudication
B. Decide if any enforcement actions are justified
C. Adhere to its industry’s code of conduct
D. Appeal decisions made against it

Question 7

Which was NOT one of the five priority areas listed by the Federal Trade Commission in its 2012 report, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers”?

A. International data transfers
B. Large platform providers
C. Promoting enforceable self-regulatory codes
D. Do Not Track

Question 8

The “Consumer Privacy Bill of Rights” presented in a 2012 Obama administration report is generally based on?

A. The 1974 Privacy Act
B. Common law principles
C. European Union Directive
D. Traditional fair information practices

Question 9

Which federal agency is the most visible proponent of privacy concerns in the U.S.?

A. Department of Commerce (DOC)
B. Department of Homeland Security (DHS)
C. Office for Civil Rights (HHS)
D. Federal Trade Commission (FTC)

Answer 9

D. Federal Trade Commission (FTC)

Question 10

During which decade did the FTC’s perspective evolve into a harm-based model?

A. 1980s
B. 1990s
C. 2000s
D. 2010s

Answer 10

C. 2000s

Question 11

This is any data connected with an individual:

A. personally identifiable information
B. personal data
C. data records
D. information

Answer 11

z

Question 12

This is a legal document stating an entity’s practices regarding use and disclosure of personal information.

A. notification
B. mission statement
C. privacy statement
D. personal data objective

Answer 12

C. privacy statement

?

Question 13

Which of the following are privacy seal programs?

A. TRUSTe
B. BBBonline
C. phishing
D. Webtrust

Answer 13

A. TRUSTe

Question 14

According to the FTC Report of 2012, what is the main goal of Privacy by Design?

A. Obtaining consumer consent when collecting sensitive data for certain purposes
B. Establishing a system of self-regulatory codes for mobile-related services
C. Incorporating privacy protections throughout the development process
D. Implementing a system of standardization for privacy notices

Answer 14

C. Incorporating privacy protections throughout the development process

Reference: https://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf

Question 15

What is a legal document approved by a judge that formalizes an agreement between a governmental agency and an adverse party called?

A. A consent decree
B. Stare decisis decree
C. A judgment rider
D. Common law judgment

Answer 15

A. A consent decree

Question 16

The “Consumer Privacy Bill of Rights” presented in a 2012 Obama administration report is generally based on?

A. The 1974 Privacy Act
B. Common law principles
C. European Union Directive
D. Traditional fair information practices

Answer 16

C. European Union Directive

Question 17

Which was NOT one of the five priority areas listed by the Federal Trade Commission in its 2012 report, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers”?

A. International data transfers
B. Large platform providers
C. Promoting enforceable self-regulatory codes
D. Do Not Track

Answer 17

A. International data transfers

Question 18

According to Section 5 of the FTC Act, self-regulation primarily involves a company’s right to do what?

A. Determine which bodies will be involved in adjudication
B. Decide if any enforcement actions are justified
C. Adhere to its industry’s code of conduct
D. Appeal decisions made against it

Answer 18

A. Determine which bodies will be involved in adjudication

Question 19

In 1991, the Federal Sentencing Guidelines formalized a rule that requires senior execu- tives to take personal responsibility for information security matters. What is the name of this rule?

A. Due diligence rule
B. Personal liability rule
C. Prudent man rule
D. Due process rule

Answer 19

?

Question 20

<p>Which of the following BEST describes the FTC’s guidance in a 2012 report and 2015 update for making material retroactive changes to privacy policies?
<br></br>
<br></br>a. Notify affected consumers, and allow 60 days for an opt-out
<br></br>b. Notify affected consumers, and provide a mail-in opt-out notice
<br></br>c. Obtain express affirmative consent (opt-in) prior to making the change
<br></br>d. None of the above</p>

Answer 20

<p>c. Obtain express affirmative consent (opt-in) prior to making the change</p>

Question 21

Which of the following agencies is not responsible for privacy enforcement?

A. The FTC
B. Department of Education
C. FCC
D.Certain agencies of the executive branch

Answer 21

B. Department of Education

Question 22

What is true of the FTC?

A. The FTC is an independent agency
B. The FTC falls under direct control of the president
C. The FTC focuses solely on privacy
D. The FTC focuses solely on security

Answer 22

A. The FTC is an independent agency

Question 23

When is a data breach to be reported?

A. above 200 persons
B. above 100 persons
C. if minors are involved
D. depends on the state and breach size

Answer 23

D. depends on the state and breach size

Question 24

Is ransomware a data breach?

A. always
B. never
C. depends on whether unauthorized access has been established
D. not if the information was backed up

Answer 24

C. depends on whether unauthorized access has been established

Ransomware - (a type of malware)

(1) locks a user’s operating system, restricting the user’s access to their data &/ or device, or
(2) encrypts the data so that the user is prevented from accessing his or her files

Question 25

If an agency has authority, there are two types of authority that agency can have. Which type of authority does the FTC have?

A. general authority
B. specific authority
C. general authority as well as specific authority
D. operational authority

Answer 25

C. general authority as well as specific authority

Question 26

For which law does the FTC have specific authority?

A. GDPR
B. Children’s Online Privacy Protection Act
C. The APEC Privacy Framework
D. Fair Information Practices

Answer 26

B. Children’s Online Privacy Protection Act. Only US law, otherwise Fair Information Practices are mentioned.

Question 27

This US office enforces a number of different consumer protection, anti-trust, and privacy laws. It fights to prevent fraud and promote competitive markets:

A. the US Data Commissioner’s Office
B. the Consumer Protection Agency
C. the Department of Justice
D. the Federal Trade Commission

Answer 27

D. the Federal Trade Commission

Question 28

Which authorities oversee privacy-related issues in the U.S.? Select all that apply.

A. The Federal Trade Commission (FTC)
B. State attorneys general
C. The national data protection authority
D. Federal financial regulators

Answer 28

A. The Federal Trade Commission (FTC)
B. State attorneys general

D. Federal financial regulator

Question 29

List additional high-profile FTC consent decrees.

Answer 29

<p>• Eli Lilly and Company (2002)</p>

<p>• Nomi (2005)</p>

<p>• DesignerWare (2013)</p>

<p>• LabMD (2013)</p>