Data Security and Privacy Practices Flashcards

1
Q

The Freedom of Information Act applies to which of the following?

All federal government documents, without restrictions

Federal government documents, with a few enumerated restrictions

Only federal documents containing information concerning the requester

A

Federal government documents, with a few enumerated restrictions

Nine groups of documents are exempt from FOIA requests

2
Q

HIPAA requires which of the following controls for medical records?

Encryption of all data

Physical controls only

Administrative, technical, and physical controls

A

Administrative, technical, and physical controls

Administrative, technical, and physical controls are mandated by HIPAA, including workforce training and awareness, encryption of data transfers, and physical barriers to records (locked storage rooms)

3
Q

Which of the following is not PII?

Customer name

Customer ID number

Customer birth date

A

Customer ID number

A customer ID number generated by a firm to track customer records is meaningful only inside the firm and is generally not considered to be personally identifiable information (PII). It is important not to use the SSN as the customer ID number, for obvious reasons.

4
Q

A privacy impact assessment:

Determines the gap between a company’s privacy practices and required actions

Determines the damage caused by a breach of privacy

Determines what companies hold information on a specific person

A

Determines the gap between a company’s privacy practices and required actions

A PIA determines the gap between what a company is doing with PII and what its policies, rules, and regulations state it should be doing

5
Q

Which of the following is an acceptable PII disposal procedure?

Shredding

Burning

Electronic destruction per military data destruction standards

All of the above

A

All of the above

Although using electronic destruction per military data destruction standards might seem excessive (and in many cases it is), all of the options comply with FTC-mandated disposal procedures for PII

6
Q

In the United States, company responses to data disclosures of PII are regulated by:

Federal law, the Privacy Act

A series of state statutes

Contractual agreements with banks and credit card processors

A

A series of state statutes

No overarching federal disclosure statute exists, so company responses to data disclosures of PII are regulated by individual statutes in most states and territories

7
Q

The U.S. Privacy Act of 1974 applies to which of the following?

Corporate records for U.S.-based companies

Records from any company doing business in the United States

Federal records containing PII

A

Federal records containing PII

The Privacy Act is a federal law, affecting federal records only

8
Q

Data privacy as applicable to organizations is defined as:

The control the organization exerts over its data

The organization being able to keep its information secret

Making data-sharing illegal without consumer consent

A

The control the organization exerts over its data

The control the organization exerts over its data is the definition of data privacy in an enterprise

9
Q

All but which of the following are items associated with privacy of health records?

Protected Health Information

Personal Health Information

Notice of Privacy Practices

A

Personal Health Information

The correct term per HIPAA is Protected Health Information

10
Q

The FTC Disposal Rule applies to which of the following?

Small businesses using consumer reporting information

Debt collectors

Individuals using consumer reporting information

All of the above

A

All of the above

All are listed by FTC as responsible for following the Disposal Rule

11
Q

Who is responsible for determining what data is needed by the enterprise?

Data owner

Privacy officer

Data custodian

A

Data owner

The data owner determines the business need. The privacy officer ensures that laws and regulations are followed, and the custodian/steward maintains the data

12
Q

Data that is labeled “Private” typically pertains to what category?

Confidential information

Legal data

Personal information

A

Personal information

Private data frequently refers to personal data

13
Q

Data that is labeled “Proprietary” typically pertains to what category?

Information under legal hold

Information to be safeguarded by business partners because it contains business secrets

Personal data

A

Information to be safeguarded by business partners because it contains business secrets

Proprietary data may be shared with a third party that is not a competitor, but in labeling the data Proprietary, you alert the party you have shared with that the data is not to be shared further

14
Q

What is the best method to destroy sensitive data on DVDs at a desktop?

Shredding

Burning

Wiping

A

Shredding

A desktop shredder can destroy DVDs and CDs. Burning is not wise at a desk. Wiping and pulping don’t work on DVDs

15
Q

Information that could disclose the identity of a customer is referred to as:

Customer identity information (CII)

Personally identifiable information (PII)

Privacy protected information (PPI)

A

Personally identifiable information (PII)

Any information that can be used to determine identity is referred to collectively as personally identifiable information (PII)
