Domain 3 - Legal Issues, Contracts and E-discovery Flashcards

1
Q

True/False: Under many data protection laws, the data controller (typically the entity that has the primary relationship with an individual) is prohibited from collecting and processing personal data unless certain criteria are met.

A

True

2
Q

True/False: If the data subject has consented to the collection and proposed uses of his or her data, then the controller may collect and process the data in accordance with the consent agreement.

A

True

3
Q

True/False: When entrusting a third party to process data on its behalf (a data processor), a data controller remains responsible for the collection and processing of that data. The data controller is required to ensure that any such third parties take adequate technical and organizational security measures to safeguard the data.

A

True

4
Q

True/False: Applicable legal requirements will vary tremendously based on the various jurisdictions and legal entities and frameworks involved.

A

True

5
Q

In many cases, the laws of different countries might apply concurrently, depending on several factors. What are these factors?

A
  • The location of the cloud provider
  • The location of the cloud user
  • The location of the data subject
  • The location of the servers
  • The legal jurisdiction of the contract between parties, which may be different than the locations of any of the parties involved
  • Any treaties or other legal frameworks between those various locations
6
Q

True/False: Many countries prohibit or restrict the transfer of information out of their borders. In most cases, the transfer is permitted only if the country to which the data is transferred offers an "adequate level of protection" (as defined in the relevant national law) of personal information and privacy rights of affected individuals.

A

True

7
Q

True/False: The purpose of the adequacy requirement is to ensure that individuals whose data is transferred across borders remain as protected as they were under the protections afforded to them before the transfer.

A

True

8
Q

True/False: For a cross-border data transfer, as an alternative to an adequacy finding, the data importer and exporter may need to sign a contract ensuring the maintenance of privacy rights for data subjects.

A

True

9
Q

For EU/EEA member states, the ______ establishes a framework to enable networks and information systems to resist, at a given level of confidence, actions that compromise the availability, authenticity, integrity, or confidentiality of stored, transmitted, or processed data, or the related services that are offered by or accessible through those networks and information systems. It also requires that member states' national laws impose network and information security requirements on operators of essential services.

A

NIS Directive

10
Q

True/False: Even if a specific activity is not regulated, cloud customers may have a contractual obligation to protect the personal information of their own clients, contacts or employees, to ensure that the data is not used for secondary purposes and is not disclosed to, or shared with, third parties.

A

True

11
Q

True/False: The organization must guarantee that, when data in its custody is hosted in the cloud, it will have the continued ability to meet the promises and commitments that it made in its privacy notice(s) or other contracts. Data in the cloud must be used only for the purposes for which it was collected.

A

True

12
Q

True/False: If the privacy notice allows individual data subjects to have access to their personal data, and to have this information modified or deleted, the cloud service provider must also allow these access, modification, and deletion rights to be exercised to the same extent as they would be in a non-cloud relationship.

A

True

13
Q

When data or operations are transferred to a cloud, the responsibility for protecting and securing the data typically remains with the _______ of that data, even if in some circumstances this responsibility may be shared with others. Even when it relies on a third party to host or process its data, the custodian of the data remains liable for any loss, damage, or misuse of the data.

A

Collector or Custodian

14
Q

True/False: Before entering into a cloud computing arrangement, only the cloud service vendor should evaluate its respective practices, needs and restrictions to identify relevant legal barriers and compliance requirements.

A

False. Both the cloud service provider and the customer should evaluate their respective practices, needs and restrictions.

15
Q

True/False: A cloud customer should investigate whether it has entered into any confidentiality agreements or data use agreements that might restrict the transfer of data to third parties, even if these third parties are service providers.

A

True

16
Q

True/False: A data use agreement to which the company is a party will not require the consent of a customer if the company plans to subcontract the processing of the customer’s data to a third party.

A

False. It requires the customer's consent.

17
Q

True/False: Moving data to a cloud without the prior permission of the customer (data owner) would cause a breach in the data use agreement with that customer.

A

True

18
Q

What is recommended to ensure that the required privacy and security measures continue to be followed in a fast-evolving cloud environment?

A
  • Periodic Monitoring
  • Periodic Testing
  • Periodic evaluation of cloud services
19
Q

True/False: Before entering into any contract, a critical part of due diligence must be to request and review all relevant aspects of the operations of the other party, in this case that of the proposed cloud provider or vendor.

A

True

20
Q

True/False: In most cases, the cloud customer will want to evaluate at least the applicable service level, end-user and legal agreements; privacy policies; security disclosures; and proof of compliance with applicable legal requirements (e.g., registration requirements) to ensure the conditions stated by the cloud provider are suitable for the customer's organization.

A

True

21
Q

True/False: If one is told that a contract is not negotiable, there is no point in reviewing it.

A

False. The proposed contract should always be reviewed carefully. The purchaser of cloud services should understand the consequences and implications of the engagement it is making. A contract that cannot be negotiated is likely to lack some of the protections that the typical customer would need. In this case, the customer should weigh the risks of forgoing these protections against the potential benefits.

22
Q

True/False: In cloud computing, third-party audits and attestations are frequently used to assure compliance with aspects of the cloud provider's infrastructure, allowing a customer to build their own compliant services on top of the cloud platform. It is critical for a provider to publish, and a customer to evaluate, the scope of the assessment, and which features and services are included in the assessment.

A

True

23
Q

_____ is the process by which an opposing party obtains private documents for use in litigation; it can cover a wide range of potential documents.

A

electronic discovery (e-discovery)

Discovery need not be limited to documents known at the outset to be admissible as evidence in court; instead, discovery applies to all documents reasonably calculated to lead to admissible evidence (evidence that is both relevant and probative).

24
Q

What is ESI?

A

Electronically Stored Information

25
Q

This activity refers to a party's general obligation to undertake reasonable steps to prevent the destruction or modification of data in its possession, custody or control that it knows to be relevant to pending or anticipated litigation or a government investigation.

A

Data Preservation

26
Q

What are the things to consider for Cloud Data Collection ?

A
  • Access and Bandwidth
  • Forensics (bit-by-bit imaging of a cloud data source is generally difficult or impossible)
  • Reasonable Integrity
  • Limits to accessibility
27
Q

True/False: To preserve the integrity of ESI relevant to a dispute, it is in the interest of all parties (the requesting party, the producing party and the provider) that the relevant information be exported using standard protocols within the cloud environment, with due care given to preserving relevant information.

A

True

28
Q

True/False: It is in the best interests of both providers and clients to consider the complications caused by discovery at the beginning of their relationship and to account for them in their SLAs.

A

True

29
Q

True/False: When responding to a court order or subpoena, the cloud service provider should ensure, in consultation with counsel, that the request is legally valid and well-founded. The cloud service provider should carefully analyze the request before disclosing information in its custody, and consider whether it can meet its obligations to its clients when releasing information. In some cases, a provider may be better able to serve the needs of its clients by fighting an overbroad or otherwise problematic demand for information.

A

True