Ch. 4 Information Management Quiz Flashcards
The role of a privacy professional includes:
a. Monitoring external environment for changes to regulations and laws
b. Alerting stakeholders to divergent perspectives within the industry and legal landscape
c. Identifying compliance challenges and designing policies to address ways to manage the risk
d. All of the above
d. All of the above
Which of the following BEST describes an element of reputational risk?
a. Compliance with contractual commitments, privacy promises and commitments to follow industry standards
b. Protecting the trust of consumers regarding the organization’s commitment to following through on its privacy policies
c. Compliance with applicable state, federal and international laws concerning the use of personal information
d. All of the above
b. Protecting the trust of consumers regarding the organization’s commitment to following through on its privacy policies
Which of the following BEST describes an element of operational risk?
a. Administrative efficiency of the organization’s privacy program
b. Ability of the organization to receive a return on investment in information and related activities
c. Compliance with applicable state, federal and international laws concerning the use of personal information
d. All of the above
a. Administrative efficiency of the organization’s privacy program
Which of the following BEST describes an element of investment risk?
a. Administrative efficiency of the organization’s privacy program
b. Compliance with applicable state, federal and international laws concerning the use of personal information
c. Ability of the organization to receive a return on investment in information and related activities
d. All of the above
c. Ability of the organization to receive a return on investment in information and related activities
A good information management program:
a. Uses a holistic approach in assessing the risks and benefits of processing personal information
b. Helps develop policies for important activities
c. Informs activities and processes used to comply with policies
d. All of the above
d. All of the above
Which of the following BEST describes the four basic steps for managing information?
a. Discover, analyze, build, and communicate
b. Discover, build, communicate, and evolve
c. Search, discover, communicate, and evolve
d. None of the above
b. Discover, build, communicate, and evolve
Which of the following occurs during the Discover phase of information management?
a. Issue identification and self-assessment
b. Procedure development and verification
c. Full implementation
d. All of the above
a. Issue identification and self-assessment
Which of the following occurs during the Discover phase of information management?
a. Issue identification
b. Self-assessment
c. Determination of best practices
d. All of the above
d. All of the above
Which of the following occurs during the Build phase of information management?
a. Procedure development and verification
b. Determination of best practices
c. Education
d. All of the above
a. Procedure development and verification
Which of the following occurs during the Build phase of information management?
a. Issue identification and self-assessment
b. Documentation
c. Full implementation
d. All of the above
c. Full implementation
Which of the following occurs during the Communicate phase of information management?
a. Adaptation
b. Procedure development and verification
c. Documentation
d. All of the above
c. Documentation
Which of the following occurs during the Communicate phase of information management?
a. Determination of best practices
b. Education
c. Full implementation
d. All of the above
b. Education
Which of the following occurs during the Evolve phase of information management?
a. Affirmation
b. Monitoring
c. Adaptation
d. All of the above
d. All of the above
A data inventory is required for businesses in some industries under:
a. Gramm-Leach-Bliley Act Privacy Rule
b. Gramm-Leach-Bliley Act Safeguards Rule
c. APEC Privacy Rule
d. None of the above
b. Gramm-Leach-Bliley Act Safeguards Rule
An organized and documented data inventory:
a. Identifies reputational and legal risks
b. Helps mitigate penalties
c. Should be reviewed and updated on a regular basis
d. All of the above
d. All of the above
Data classification:
a. Defines the level of protection needed for specific types of data based on its sensitivity
b. Identifies legal risks for data during a self-assessment
c. Determines which laws and regulations apply to the data flows occurring both internally and externally
d. All of the above
a. Defines the level of protection needed for specific types of data based on its sensitivity
Holding all data in one system:
a. Is a best practice for ensuring ease of management
b. May help reduce duplicate entries
c. May increase the impact of a single data breach
d. None of the above
c. May increase the impact of a single data breach
A documented, well-organized data classification system helps an organization:
a. Respond to compliance audits for specific types of data
b. Respond more effectively to legal discovery requests
c. Efficiently use storage resources
d. All of the above
d. All of the above
Documenting data flows should include:
a. How to respond to legal discovery requests
b. Mapping of systems, applications and processes for handling data
c. A plan for responding to a data breach
d. All of the above
b. Mapping of systems, applications and processes for handling data
Which of the following is a PRIMARY consideration for addressing privacy risk in an organization as it relates to sensitive personal information?
a. Where, how, and how long the data is stored
b. Current laws for obtaining a search warrant
c. Number of team members in Human Resources
d. All of the above
a. Where, how, and how long the data is stored
Which of the following is a PRIMARY consideration for addressing privacy risk in an organization as it relates to sensitive personal information?
a. How a customer’s marital status is documented
b. Determining how sensitive the information is
c. Current laws for authenticating a customer
d. All of the above
b. Determining how sensitive the information is
Which of the following is a PRIMARY consideration for addressing privacy risk in an organization as it relates to sensitive personal information?
a. Whether or not the information should be encrypted
b. Whether or not the information will be transferred to other countries, and how it will be transferred
c. Data authorities who enforce the rules for the information
d. All of the above
d. All of the above
Which of the following is a PRIMARY consideration for addressing privacy risk in an organization as it relates to sensitive personal information?
a. Documenting a customer’s marital status
b. Best practices for providing personal information to law enforcement
c. How the information is processed and the activities performed to maintain the processes
d. All of the above
c. How the information is processed and the activities performed to maintain the processes
Which of the following is a PRIMARY consideration for addressing privacy risk in an organization as it relates to sensitive personal information?
a. Whether the use of the personal information is dependent upon other systems
b. Names of third parties processing data
c. Legal team’s knowledge in the area of privacy
d. All of the above
a. Whether the use of the personal information is dependent upon other systems