Flash Cards 2

Question

FERPA, access, how many days from the time of the request

Answer 1

Access granted within 45 days

Answer 2

parent's financial information, letters of recommendation

Answer 3

admission or enrollment at another school, application for employment, honorary recommendation

Answer 4

a reasonable time

Answer 5

a reasonable period of time

Answer 6

Name, names of family members, student or family addresses, SSN, student Id#, dates of birth, any other info that could be linked to a student with reasonable certainty

Answer 7

for as long as the educational records themselves are maintained

Answer 8

At least annually

Answer 9

DOE, department of education

Answer 10

compliance can't be secured by voluntary means

Answer 11

Office of the Chief Privacy Officer, within 180 days of the violation

Answer 12

Telemarketing Sales Rule, a phone, interstate call, purchase goods

Answer 13

FTC and FCC

Answer 14

provides or arranges for others to provide services

Answer 15

initiatives or receives telephone calls

Answer 16

A non-profit making calls on its own behalf isn't subject to the TSR

Answer 17

someone gave express consent, established business relationship, non profit

Answer 18

both sellers and marketers

Answer 19

Express consent, Established business relationship

Answer 20

transaction with 18 months, consumer inquirey or submitted an application within 3 months

Answer 21

Sellers, Telemarketers, Service Providers, Law Enforcement

Answer 22

procedures, trained, own DCL, downloaded DLC within 31 days, compliance checks, call made in error

Answer 23

FTC at federal level, both private litigants and state attorney general at state level but must notify FTC

Answer 24

Telephone Consumer Protection Act

Answer 25

Between 8am - 9pm, unless they have permission/consent to do otherwise

Answer 26

idmust be made ad the beginning of the call, entity of the seller, purpose for call, nature of good or service, no purchas necessary if prize involved

Answer 27

If upsell happens after the initial transaction, the upsell is considered a new call so all the disclosures have to be said again

Answer 28

accept payment without disclosing the terms

Answer 29

orally or in writing, must be clear and conspicous

Answer 30

nature, purpose, mission, tax deductability, contribution, %, prize, affiliations, endorsements

Answer 31

express verifiable authorization, written or oral, signature, voided check

Answer 32

live person within 2 seconds

Answer 33

< 3% of calls abaondon, ring 4 times or 15 seconds, pre-recorded message, maintain records of compliance

Answer 34

TRUE , unless there is express written consent

Answer 35

it's to a specific seller, does not extend to affiliates or marketing partners

Answer 36

ring 4 times or 15 seconds, recorded message within 2 seconds, opt out mechanism, terminate call once invoked, answering machine or vmail service

Answer 37

made by a covered entity or business associate under HIPAA privacy rule

Answer 38

Billing information can't be sent without express informed consent

Answer 39

Telemarketer to get at least 4 digits of the account number to be charged

Answer 40

unencrypted account numbers; payment for repair services unless time has already expired and seller proves results were achieved; payment for asset recovery less than 7 days...; advanced fee loans; payment for debt relief

Answer 41

must include accurate caller ID

Answer 42

record a credit card not linked to a sale

Answer 43

keep for a period of 2 years after produced / created

Answer 44

just one, either by seller or telemarketer

Answer 45

FCC at federal level, private litigants and the states attorney general at state level but must notify FCC

Answer 46

True, they are not

Answer 47

True, they are not

Answer 48

Corporations or Partnerships larger than 5 people

Answer 49

restrict government access to personal financial information

Answer 50

consent, subpoena, warrant, formaly request from a federal agency

Answer 51

not in excess of 3 months, authorization can be revoked prior to disclosure, to a specific document, identify the government authority, purpose for disclosure, customer's rights

Answer 52

quash in 10 days, 14 if mailing, government must have reason to believe the informaiton is relevant to a ligitimate law enforcement inquiry, customer gets a copy

Answer 53

mail a copy of the search warrant to the customer within 90 days, court may delay the notification for 180 days

Answer 54

is an option when no summons or subpoena is available

Answer 55

the exceptions are called suspicious activty reports (SARs)

Answer 56

A bank can give up your records to perfect a security interest, for bankruptcy, collect a debt, or for a government loan or benefit

Answer 57

Federal court

Answer 58

warrant for a wire tap

Answer 59

4th ammendment warrant requirements intersected with national security

Answer 60

Plenary power or foreign affairs

Answer 61

4th amendment warrant requirements, only applies to US citizens

Answer 62

Foreign intelligence serveillance act, engage in surveillance for national security

Answer 63

to fight terrorism, demanded more detailed reporting, more transparency

Answer 64

US Freedom Act which ended bulk record collecting

Answer 65

Foreign intelligence surveillance court

Answer 66

11 judges appointed by the chief justice, judges serve for 7 years

Answer 67

amicus curiae, US Freedom Act

Answer 68

a FISA order before it is submitted to the FISC

Answer 69

probable cause, foreign power or agent of a foreign power

Answer 70

minimization procedures, significant purpose

Answer 71

pen registers, trap and trace

Answer 72

court of review, if that is denied then the supreme court

Answer 73

appearance of lawful power when you don't have it, it's a criminal offense

Answer 74

anyting that would advance the investigation into foreign intelligence

Answer 75

are prohibited to disclose they have the order

Answer 76

people complying are immune from liability

Answer 77

owner gives consent, official investigation, content relevant to investigation, interception doesn't get comms other than those transmitted

Answer 78

Can be done, 1 year, Attorney General and Dir of National Intelligence must authorize it

Answer 79

FISC to review and approve, has to meet minimization and targeting rules

Answer 80

information from internet backbone, the physical infrastructure

Answer 81

information from internet companies

Answer 82

increase transparency

Answer 83

Congress mandated a bunch of reporting around the number of FISA orders and NSLs; this was added as a requirement to the US Freedom Act

Answer 84

Federal Rules of Civil Procedure (FRCP)

Answer 85

Requests for production, Depositions, Interrogatories, Requests for admission, Subpoena

Answer 86

the court, title, person, rules to challenge

Answer 87

Not to disclose information

Answer 88

for electronic information

Answer 89

emails, databases, server logs, text messages, voicemails, thumb drives, etc.

Answer 90

best practices for e-discovery, data management, data retention, information governance

Answer 91

importance, specificity, originated in the U.S., alternative means, non compliance undermine U.S. interests

Answer 92

subject yourself to U.S. rules

Answer 93

get out of jail free card

Answer 94

Sedona conference, good example of good faith

Answer 95

corp decisions are made in the best interests of the corporation

Answer 96

prevent private information from being disclosed

Answer 97

prevents information disclosure

Answer 98

permits a protective order, annoyance, embarrassment, etc.

Answer 99

Redaction of specific information

Answer 100

relationship between employee and employer

Answer 101

a contract

Answer 102

collective bargaining agreement

Answer 103

constitutional provisions in the workplace

Answer 104

certain C-level executives, public companies

Answer 105

Fair and Accurate Credit Transactions Act (FACTA), how consumer reports are used

Answer 106

Fair Credit Reporting Act (FCRA), regulated by the FTC

Answer 107

welfare of the wage

Answer 108

Fair Labor Standards Act (FLSA), Employment Retirement Income Security Act (ERISA), Occupational Safety and Health Administration (OSHA)

Answer 109

Antidiscrimination laws, Title VII of Civil Rights Act, American Disabilities Act, Age Discrimination Employment Act,

Answer 110

5 members, no more than 3 of the same political party, appointed by the President for no more than 5 years, separate General Counsel serves 4 years and conducts litigation

Answer 111

Right to join unions, negotiates collective bargaining agreements

Answer 112

Civil Rights Act of 1991 and Lilly Ledbetter Fair Pay Act

Answer 113

15 or more

Answer 114

Equal Employment Opportunity Commission (EEOC)

Answer 115

unlawful employment practices, given to them by Title VII

Answer 116

reasonable cause

Answer 117

15 or more people

Answer 118

Covered entities can't discriminate based on disability

Answer 119

carpal tunnel not a disability

Answer 120

Myopia not a disability

Answer 121

can be required as a condition of a job offer if, all entering employees are subject to it, medical condition results are kept separate, results only used in accordance with the ADA

Answer 122

medical exams are permitted if both job related and consistent with business necessity

Answer 123

Employement Retirement Income Security Act (ERISA), Social Security Act, HIPAA

Answer 124

prohibits discrimination for genetic info, but age and sex are excluded

Answer 125

inadvertent, voluntary wellness program, to comply with Family Medical Leave Act, commercially publically available, for law enforcement

Answer 126

employment agencies, labor unions, training programs

Answer 127

in a separate file and treated as confidential medical information

Answer 128

Illinois, Maryland, New York City

Answer 129

Video Interview Act

Answer 130

Facial recognition

Answer 131

Bias audit

Answer 132

reasonable accommodations, screens out poeple with disabilities,

Answer 133

transparent, provide notice, essential functions, a company's vendors comply with the same guidance

Answer 134

excluded females over 55, men over 60

Answer 135

Background checks

Answer 136

protects the employer

Answer 137

prohibitted

Answer 138

Fair Credit Reporting Act (FCRA) , governs the use of Consumer Reports

Answer 139

California Investigative Consumer Reporting Agencies Act which limits the use of credit information

Answer 140

Colorado, Connecticut, Hawaii, Illinois, Maryland ,Nevada, Oregon, Vermont, Washington; and DC, Chicago, NYC, and Philadelphia

Answer 141

Personality, Psychological Evals, Polygraph

Answer 142

Employers prohibited from using lie detctor test unless, government, national defense, business provides security, transport of certain types of goods, companies that make or distribut controlled substances, investigations for economic loss, injury, theft

Answer 143

brief the employee, give a copy of the results and questions asked, results only disclosed to the person, employer, or the court

Answer 144

Secretary of Labor, also has subpoena power for investigations

Answer 145

Iowa, Minnesota, Connecticut

Answer 146

as long as the employee's actions don't negatively impact the employer

Answer 147

purpose, what's monitored, how, what's info is stored, how being used, who disclosed to

Answer 148

employee monitoring

Answer 149

Wiretap Act, one party has to agree to being recorded

Answer 150

Wiretap Act, both parties on the call have to agree to being recorded

Answer 151

Wiretap act

Answer 152

Stored Communication Act (SCA), email monitoring

Answer 153

The person or entity providing the email service agrees

Answer 154

Deleware, Connecticut

Answer 155

when it reaches the business

Answer 156

during business hours, for business purposes, monitoring has been disclosed

Answer 157

California, Minnesota, Tennessee, Texas

Answer 158

security vulnerabilities

Answer 159

unauthorized access or misuse of sensitive data

Answer 160

modify the obligations an employer has on its workforce

Answer 161

video surveillance

Answer 162

email monitoring, union organizing

Answer 163

take seriously, fairness, follow laws and company policies, documentation

Answer 164

ensure a company properly documents employee performance problems

Answer 165

If the investigation involves a consumer report, FTC provided an opinion in the Vail Letter

Answer 166

Third party investigations of employees were subject to the Fair Credit Reporting Act (FCRA) and needed to disclose this to the employee

Answer 167

Fair and Accurate Credit Transaction Act (FACTA) ammended FCRA, employers don't need to disclose they are conducting an employee investigation

Answer 168

don't need to disclose if investigating employee misconduct, related to compliance with laws or company policies, not investigating credit worthiness, communication only proivded to employer or agent, government, regulatory authority, required by law

Answer 169

employment records held by a covered entity

Answer 170

Department of Labor

Answer 171

All kept away from each other in separate files

Answer 172

Restrict access, keep employee records, maintain good will

Answer 173

Activities of the business or person and the intersect with the state

Answer 174

Tenth ammendment gives states the right to pass laws

Answer 175

nationwide baseline compliance

Answer 176

UDAP give state attorney gernals authority to bring enforcement actions

Answer 177

preemption and limiting where federal claims may be filed

Answer 178

the constitution or federal law

Answer 179

states have a general jurisdiction

Answer 180

moving a case from state court to have it heard in federal court

Answer 181

Alabama, plus all states got together to in-act 8 anti-robocall principles

Answer 182

website operators to conspiciously post its privacy policy on websites and mobile apps; also Do Not Track policy

Answer 183

Colorado, Georgia, Maine, Maryland, Massachusetts, New Jersey, Vermont

Answer 184

California, Colorado

Answer 185

Called California SB-1, consumers to opt-in in writing, entitled to opt out

Answer 186

NYDFS, new york dept of financial services

Answer 187

most strict of all states, far beyond GLBA

Answer 188

NYDFS, new york dept of financial services cybersecurity requirements

Answer 189

Healthcare

Answer 190

adequate security measures... under section 5 of unfair or deceptive trade

Answer 191

Uber, Lenovo, D-Link

Answer 192

gold standard for government mandated security practices

Answer 193

one employee to maintain an infosec program, risk mgmt, policies, disciplinary measures, terminated employee no access, vendor mgmt, physical access controls, monitoring, incident mgmt

Answer 194

Washington, similar to what Minnesota did

Answer 195

federal law, prohibits SSNs from being visible in the envelope window

Answer 196

Probhibit SSN from public display, printed on access cards, requiring it be transmitted over the internet, requiring it to be used to access a website, it being on printed materials mailed to homes, selling it

Answer 197

businesses using documents containing persnal information must develop data destruction and disposal policies

Answer 198

defines reasonable data destruction measures as, can't be read or reconstructed,

Answer 199

True, think Iron Mountain

Answer 200

to regulate them, California and Illinois are following suite

Answer 201

California and Virginia

Answer 202

who is covered, the term personal information, the term data breach

Answer 203

When personal information is accessed or acquired without authorization

Answer 204

determine what notification obligations exist

Answer 205

any state resident that is affected be notified

Answer 206

disclose the breach to the owner or licensee of the data

Answer 207

California Dept of Health Services

Answer 208

Attorney General, and Credit Reporting Agencies

Answer 209

the most expeditious time possible and without unreasonable delay, 8 states say within 45 days

Answer 210

10 days, then 24 hours

Answer 211

North Carolina

Answer 212

description, information type, steps to protect info,

Answer 213

No, certain states have certain requirements

Answer 214

No, some states allow for electronic communication if there is prior consent

Answer 215

Where more stringent law applies, an organization follows it's own breach notification procedures, when data was encrypted, redacted, or otherwise unusable

Answer 216

Can get involved when an organization fails to comply with the law

Answer 217

is possible under UDAP statutes in some states

Answer 218

California SB-1386

Answer 219

California Consumer Protection Act (CCPA)

Answer 220

California Privacy Rights Act (CPRA)

Answer 221

First name and last name, or first initial and last name, in combination with other stuff

Answer 222

notification to consumers is necessary only if the data isn't encrypted

Answer 223

most expedient time without unreasonable delay, consistent with the legitimate needs of law enforcement

Answer 224

are placed on the data controller

Answer 225

disclosures in plain language, specificity, and a bunch of stuff

Answer 226

a substitute notice may be used

Answer 227

publically available and encrypted data

Answer 228

shredding, erasing, make unreadable or undecipherable

Answer 229

>25M in revenue, personal info of 50K people, get 50% of its revenue from selling personal info

Answer 230

Third parties are prohibited from selling personal information unless the consumer receives notice and the opportunity to opt out

Answer 231

Any natural person who is a California resident

Answer 232

deidentified or aggregated information

Answer 233

it's a long definition but ends with "for monetary or other valuable consideration"

Answer 234

provide notice at or before collection, what's collected, how used, categories, rights, how to exercise the rights, etc.

Answer 235

Notice, Opt Out, Request Disclosure, Access, Deletion, Not to be dscriminated against

Answer 236

California attorney general

Answer 237

Data breach

Answer 238

the California Privacy Protection Agency (CPPA)

Answer 239

5 member board, enforcement authority transferred from California Attorney General to the CPPA

Answer 240

qualifications in privacy and technology

Answer 241

transparency and accountability requirements under the CCPA

Answer 242

CPRA incorporated security requirements into the CCPA

Answer 243

enter into written contracts with 3rd party data vendors

Answer 244

correct information, use of sensitive info, automated decision making, delete info, expanded access, expanded opt out

Answer 245

Prohibits advertising directed at children, profiling of children, dark patterns

Answer 246

anyone under 18

Answer 247

Virginia, Colorado, Utah, Connecticut

Answer 248

makes Virginia the only state to implement comprehensive privacy laws

Answer 249

GLBA, HIPPA, and non profits

Answer 250

without undue delay, no later than 45 days

Answer 251

State attorney general

Answer 252

No rule making authority, Data Controllers have to rely on the text of the statute

Answer 253

HIPPA, GLBA, COPPA, FERPA

Answer 254

It applies to non profits

Answer 255

business / affiliate framework

Answer 256

a person not limitted in processing or fails to follow the instructions of the controller, now is considered the controller

Answer 257

appropropriate technical and organizational safegaurds, data processing contracts, controllers to conduct data protection assessments where there is a hightened risk of harm

Answer 258

opt out, access, correct, delete, portability

Answer 259

State attorney general, local district attorneys, covered under the state UDAP

Answer 260

lies with the State attorney general

Answer 261

aggregated data

Answer 262

State attorney general

Answer 263

publically available info and personal data solely used for payment transactions, i.e. completing a sale

Answer 264

access, correct, delete, portability, universal opt out signals

Answer 265

Attorney general, no private cause of action

Answer 266

can't search phones or online accounts without a court order or consent or an emergency

Answer 267

Deleware's version of COPPA but childeren are anyone under 18

Answer 268

Prohibits ads for tobacco, firearms, tanning equipment..

Answer 269

FCRA, fraud prevention, publically available, drivers privacy protection act, GLBA

Answer 270

to provide an online notice and designated request address to no sell data, have 60 days to process it

Answer 271

data brokers

Answer 272

Vetoed by the governor, affirmative express consent before getting geolocation info from a consumer's device

Answer 273

when retailers can scan a person's identification card, sale of the data is prohibited

Answer 274

can't put biometric data into a database for commercial purposes without adequate notice, consent obtained, and can prevent subsequent use

Answer 275

private information and data breach

Answer 276

biometric data, account number, user names

Answer 277

when private information is accessed without authorization

Answer 278

when it was accessed by accident

Answer 279

develop, implement, maintain reasonable safeguards to protect security and disposal

Answer 280

size and complexity

Answer 281

most comprehensive privacy for student records, info is called covered info, any personally identifiable information

Answer 282

are prohibited from advertising, profiling, selling, or disclosing covered information

Answer 283

no selling, or disclosing, there are some exceptions, and the school needs a privacy officer

Answer 284

encrypted data is no longer an excluded, you have to notify consumers

Answer 285

encrypted data is not excluded if there is a risk the key was compromised

Answer 286

medical info, biometric info, health insurance info now in scope

Answer 287

HIPPA regulated entities have to notify the attorney general now if there is a breach

Answer 288

apply to encrypted and non encrypted data, biometric data, personal health information

Answer 289

don't need to notify if there is no harm to consumers but you must notifiy the attorney general

Answer 290

similar to the Fair Credit Reporting Act (FCRA) requirements, the data breach laws regulate the credit reporting agencies