Ch. 7 State Privacy Law Quiz Flashcards

1
Q

Which are exceptions to state breach notification laws? Select all that apply.

A. Entities subject to other, more stringent data breach notification laws
B. Entities that already follow breach notification procedures that are compatible with state law
C. Entities enrolled in self-certification programs that meet industry security standards

A

A. Entities subject to other, more stringent data breach notification laws

B. Entities that already follow breach notification procedures that are compatible with state law

2
Q

Which state data security law is generally considered the most prescriptive in the nation?

A. California AB 1950 (2004)
B. Massachusetts 201 CMR 17
C. Washington state security law, HB 1149

A

B. Massachusetts 201 CMR 17

3
Q

Which of the following preempts state law in most areas?

A. The Fair and Accurate Credit Transactions Act (FACTA)
B. The Fair Credit Reporting Act (FCRA)
C. The Gramm-Leach-Bliley Act (GLBA)
D. The Financial Turmoil Reconciliation Assurance Act (FTRAA)

A

A. The Fair and Accurate Credit Transactions Act (FACTA)

4
Q

What is the CalOPPA?

A

The California Online Privacy Protection Act.

5
Q

The California law SB-1386 requires businesses that hold computerized personal information to inform consumers if:

A. they go out of business
B. there is a security breach
C. the business has a sale
D. the personal information has not changed

A

B. there is a security breach

6
Q

As of December 2021, how many states in the U.S. have security breach notification laws?

A. 20
B. 30
C. 45
D. 50

A

D. 50

All 50 U.S. states have laws that require business entities to notify individuals when their personally identifiable information (PII) has become compromised due to a data breach.

7
Q

The California SB 1386 covers:

A. health insurance information from California residents.
B. personal information of employees in the state of California.
C. computerized personal information of California residents.
D. SSN information from organizations in the state of California.

A

C. computerized personal information of California residents.

8
Q

The California SB 1386 requires that:

A. medical information is not collected or stored by state employees in California.
B. computerized personal information is appropriately protected.
C. inappropriate access of encrypted or unencrypted personal information must be promptly reported to the affected individuals.
D. inappropriate access of unencrypted personal information must be promptly reported to the affected individuals.

A

D. inappropriate access of unencrypted personal information must be promptly reported to the affected individuals.

9
Q

Which state data security law is generally considered the most prescriptive in the nation?

A. California AB 1950 (2004)
B. Massachusetts 201 CMR 17
C. Washington state security law, HB 1149
D. All have the same requirements.

A

B. Massachusetts 201 CMR 17

10
Q

True or false?

Most U.S. states have laws limiting the use of Social Security numbers.

A

True

11
Q

True or false?

For data breach notification, state laws require email notice to be the default mode of communication.

A

False

12
Q

True or False?

At the state level, the FTC brings a variety of privacy-related enforcement actions pursuant to state laws prohibiting unfair and deceptive practices.

A

False. State attorneys general enforce state privacy-related laws.

13
Q

Typically, US state security laws apply to all of the following EXCEPT:

A. financial account number
B. name and SSN
C. driver’s license number
D. anonymized information

A

D. anonymized information

14
Q

According to state security laws, which of the following states specifically requires that sensitive personal information is encrypted?

A. New York
B. California
C. Nevada
D. Maine

A

C. Nevada

15
Q

According to state security laws, which of the following states requires that access to sensitive personal information be limited to paper records?

A. New York
B. California
C. Nevada
D. Maine

A

A. New York

16
Q

Many state security laws have special rules for social security numbers, which include all of the following EXCEPT:

A. SSNs cannot be printed on ID cards
B. SSNs can be printed on paychecks, but only if necessary
C. SSNs cannot be publicly displayed
D. Individuals cannot be required to provide SSNs

A

B. SSNs can be printed on paychecks, but only if necessary

17
Q

In which state must organizations notify affected individuals in the case of a privacy breach, despite the fact that there is no risk of harm?

A. Arizona
B. Texas
C. California
D. New Jersey

A

C. California

18
Q

Unlike other state security laws, the state of Oregon requires that which of the following pieces of information is included in a breach notification letter?

A. the date of the breach
B. contact information for state regulators
C. contact information for consumer reporting agencies
D. a description of the incident

A

A. the date of the breach

19
Q

True or false?

Most U.S. states have laws limiting the use of Social Security numbers.

A

True

20
Q

True or false?

When federal laws do not provide a consumer protection that a state believes is necessary, the state may enact a law to provide the protection for its citizens.

A

True

21
Q

In the event of a data breach, Connecticut’s breach notification law defines personal information as the first name (or initial) and last name in combination with one or more what? Select all that apply.

A. Social Security number
B. Driver’s license number
C. Mailing address
D. Phone number
E. Bank account or card number in combination with a security or access code

A

A. Social Security number
B. Driver’s license number
E. Bank account or card number in combination with a security or access code

22
Q

The California Data Breach Notification Law requires:

A. California companies to pass an annual inspection of their information security systems
B. California companies to submit a press release to the public when there is a security breach to their systems
C. companies to notify California residents when their personal information may have been accessed by an unauthorized third party through a security breach and may be at risk for identity theft.
D. companies to have 24/7 security personnel to respond immediately to security breaches and notify the proper authorities

A

C. companies to notify California residents when their personal information may have been accessed by an unauthorized third party through a security breach and may be at risk for identity theft.

23
Q

The California data breach notification law (SB 1386):

A. Defines personal information as the person’s name only
B. Does not provide for monetary damages in the event of a breach
C. Is enforced by the California Attorney General and allows for a private right of action
D. Requires encryption of all personal information

A

C. Is enforced by the California Attorney General and allows for a private right of action

Practice Test #2

24
Q

Which of the following are required for an entity to be considered a “business” under the California Consumer Privacy Act? Select all that apply.

A. An entity that makes $10 million in annual revenue
B. An entity that holds the personal information of 50,000 people, households or devices
C. An entity that makes at least half of its revenue from the sale of personal information
D. All of the above.

A

B. An entity that holds the personal information of 50,000 people, households or devices

C. An entity that makes at least half of its revenue from the sale of personal information

“Has annual gross revenues exceeding $25 million.”

“Alone or in combination, annually buys, receives for the business’s commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices.”

“Receives 50 percent or more of annual revenue results from sales of consumers’ personal information.”

25
Q

Which are exceptions to state breach notification laws? Select all that apply.

A. Entities subject to other, more stringent data breach notification laws
B. Entities that already follow breach notification procedures that are compatible with state law
C. Entities enrolled in self-certification programs that meet industry security standards
D. None of the above.

A

A. Entities subject to other, more stringent data breach notification laws

B. Entities that already follow breach notification procedures that are compatible with state law

26
Q

Which state data security law is generally considered the most prescriptive in the nation?

A. California AB 1950 (2004)
B. Massachusetts 201 CMR 17
C. Washington state security law, HB 1149
D. All have the same requirements.

A

B. Massachusetts 201 CMR 17

27
Q

The California Online Privacy Protection Act of 2013 (CalOPPA), amended by Assembly Bill 370, requires:

a. Privacy policies to include information on how the operator responds to ‘Do Not Track’ signals or similar mechanisms
b. Privacy policies to state whether third parties can collect PII about the site’s users
c. The operator of a website to display a privacy notice that meets certain content requirements
d. All of the above

A

d. All of the above

28
Q

Which of the following is not required to be included in a privacy notice under CalOPPA?

a. Categories of PII collected through the site, and categories of third parties with whom the operator may share PII or other content
b. How the operator responds to the web browser’s Do Not Track signals or other mechanisms that provide consumers the ability to choose regarding collection of PII about an individual consumer’s online activities over time and across third party websites
c. Whether other parties may collect PII about a consumer’s online activities over time and across different websites when a consumer uses the operator’s website
d. All of the above

A

d. All of the above