Flash Cards 2

Question 1

Consumer report, Furnishers are obligated to..

Answer 1

correct and update information, provide notice of disputes, notice of account closures, notice of delinquency within 90 days of being given to collectors, notice of identity theft

Question 2

Consumer report, Financial institution, negative info to CRA, must also..

Answer 2

Give notice to the cusumer within 30 days ; there is a safe harbor if they have reasonable practices for doing so

Question 3

Consumer report, Furnishers to provide a dispute process to consumers, T or F

Answer 3

t

Question 4

Consumer report, Furnishers, dispute, re-investigation to be completed within..

Answer 4

30 days

Question 5

Consumer report, Furnishers must have this in place, policies…

Answer 5

and procedures in place to handle disputes and ensure accuracy and integrity of information provided by CRAs

Question 6

Who regulates the Consumer Report stuff, FACTA stuff

Answer 6

FTC and CFPB

Question 7

Red Flags rule is for what..

Answer 7

Identity theft

Question 8

Investigative consumer report is what

Answer 8

a consumer report that includes information on your character and reputation; done through personal interviews

Question 9

Investigative consumer reports, consumer has to be notified, and within 3 days of the request, T or F

Answer 9

t

Question 10

Investigative consumer reports, users of it must..

Answer 10

must certify to the CRA that disclosures have been made and upon written request by consumer provide them with disclosures

Question 11

Investigative consumer reports, safe harbor..

Answer 11

yes, if they have reasonable procedures in place to comply with the law

Question 12

Investigative consumer reports, CRAs have to what before they start one..

Answer 12

get the required certifications and not violate the equal opportunity laws

Question 13

Investigative consumer report, CRAs, negative info rules..

Answer 13

verify, can’t be included in subsequent reports unless re-verified

Question 14

FCRA rule making outline

Answer 14

Dodd-Frank law transferred rule making to the Consumer Financial Protection Bureau

Question 15

FCRA enforce outline

Answer 15

Enforcement is shared between the Consumer Financial Protection Bureau and the FTC

Question 16

FCRA may also be enforced by whom

Answer 16

Functional regulators

Question 17

FCRA and State Attorneys General have

Answer 17

State attorney generals have investigative and enforcement for consumers in their state

Question 18

FCRA identity theft pre-emption

Answer 18

State laws aren’t pre-emptedy the FCRA for identity theft IF they are consistent with the FCRA

Question 19

FCRA civil liability

Answer 19

yes, if found to knowingly and willingly done it, but Furnishers are generally exempt

Question 20

What is FERPA

Answer 20

Family education rights and privacy act

Question 21

FERPA is also called what

Answer 21

Buckley amendment

Question 22

FERPA applies to what schools

Answer 22

Any school taking federal education funding

Question 23

FERPA applies to what records

Answer 23

Education records

Question 24

FERPA exceptions

Answer 24

Ancillary, Campus Police, Employment, Health Treatment, Alumni, Application, Peer Reviewed Papers

Question 25

FERPA, access, how many days from the time of the request

Answer 25

Access granted within 45 days

Question 26

FERPA, access exceptions

Answer 26

parent’s financial information, letters of recommendation

Question 27

FERPA, access student signs waiver

Answer 27

admission or enrollment at another school, application for employment, honorary recommendation

Question 28

FERPA, innacurate records to be fixed within..

Answer 28

a reasonable time

Question 29

FERPA, what piece of information is never Directory Information

Answer 29

SSN

Question 30

FERPA, how much time before publishing director information

Answer 30

a reasonable period of time

Question 31

FERPA, directory info of former students may be disclosed without notice, T or F

Answer 31

t

Question 32

FERPA, directory info, pior opt opt wishes to be honored after student graduates, T or F

Answer 32

t

Question 33

FERPA, def of personal info

Answer 33

Name, names of family members, student or family addresses, SSN, student Id#, dates of birth, any other info that could be linked to a student with reasonable certainty

Question 34

FERPA, how to long to maintain records records requesting access

Answer 34

for as long as the educational records themselves are maintained

Question 35

FERPA, notice of rights, how often is the notice sent

Answer 35

At least annually

Question 36

FERPA, who has enforcement authority

Answer 36

DOE, department of education

Question 37

FERPA, funding can be pulled when..

Answer 37

compliance can’t be secured by voluntary means

Question 38

FERPA, where to send complaints

Answer 38

Office of the Chief Privacy Officer, within 180 days of the violation

Question 39

As a general rule, a student’s school health records are subject to FERPA not HIPAA, T or F

Answer 39

t

Question 40

What is the TSR

Answer 40

Telemarketing Sales Rule, a phone, interstate call, purchase goods

Question 41

The telemarketing industry is regulated by both..

Answer 41

FTC and FCC

Question 42

TSR, seller definition

Answer 42

provides or arranges for others to provide services

Question 43

TSR, telemarketer

Answer 43

initiatives or receives telephone calls

Question 44

TSR exception

Answer 44

A non-profit making calls on its own behalf isn’t subject to the TSR

Question 45

Telephone solicitation exception

Answer 45

someone gave express consent, established business relationship, non profit

Question 46

Who must access the don not call list

Answer 46

both sellers and marketers

Question 47

Call lists must be updated every x days

Answer 47

31 days

Question 48

TSR, what practice is prohibited

Answer 48

abusive

Question 49

Don not call list exceptions

Answer 49

Express consent, Established business relationship

Question 50

Established business relationship def

Answer 50

transaction with 18 months, consumer inquirey or submitted an application within 3 months

Question 51

Who may access the Do Not Call registry

Answer 51

Sellers, Telemarketers, Service Providers, Law Enforcement

Question 52

TSR does have a safe harbor if..

Answer 52

procedures, trained, own DCL, downloaded DLC within 31 days, compliance checks, call made in error

Question 53

Enforcement of the TSR is done by..

Answer 53

FTC at federal level, both private litigants and state attorney general at state level but must notify FTC

Question 54

What is the TCPA

Answer 54

Telephone Consumer Protection Act

Question 55

TSR, when to call

Answer 55

Between 8am - 9pm, unless they have permission/consent to do otherwise

Question 56

Prompt disclosure

Answer 56

idmust be made ad the beginning of the call, entity of the seller, purpose for call, nature of good or service, no purchas necessary if prize involved

Question 57

Prompt disclosure upsell

Answer 57

If upsell happens after the initial transaction, the upsell is considered a new call so all the disclosures have to be said again

Question 58

Deceptive telemarketing practice if..

Answer 58

accept payment without disclosing the terms

Question 59

Material terms can be communicated how..

Answer 59

orally or in writing, must be clear and conspicous

Question 60

For charitable donations, telemarketers may not misrepresent

Answer 60

nature, purpose, mission, tax deductability, contribution, %, prize, affiliations, endorsements

Question 61

When accepting payment for a charitiable donation other than credit or debit card, you must get ..

Answer 61

express verifiable authorization, written or oral, signature, voided check

Question 62

Abandoned call..

Answer 62

live person within 2 seconds

Question 63

Call abandon safe harbor

Answer 63

< 3% of calls abaondon, ring 4 times or 15 seconds, pre-recorded message, maintain records of compliance

Question 64

TSR prohibits pre-recorded messages called robo calls, T or F

Answer 64

TRUE , unless there is express written consent

Question 65

TSR consent applicability

Answer 65

it’s to a specific seller, does not extend to affiliates or marketing partners

Question 66

Robo calls with epress written consent rules

Answer 66

ring 4 times or 15 seconds, recorded message within 2 seconds, opt out mechanism, terminate call once invoked, answering machine or vmail service

Question 67

Robo call exception

Answer 67

made by a covered entity or business associate under HIPAA privacy rule

Question 68

Robo texts are also prohibited, T or F

Answer 68

t

Question 69

TSR, billing information, consent

Answer 69

Billing information can’t be sent without express informed consent

Question 70

TSR, free to pay rules

Answer 70

Telemarketer to get at least 4 digits of the account number to be charged

Question 71

TSR fradulent practices

Answer 71

unencrypted account numbers; payment for repair services unless time has already expired and seller proves results were achieved; payment for asset recovery less than 7 days…; advanced fee loans; payment for debt relief

Question 72

TSR, caller Id

Answer 72

must include accurate caller ID

Question 73

TSR, deceptive practice, credit card transaction

Answer 73

record a credit card not linked to a sale

Question 74

TSR record keeping requirements

Answer 74

keep for a period of 2 years after produced / created

Question 75

TSR record keeping, how many copies

Answer 75

just one, either by seller or telemarketer

Question 76

TCPA is enforced by

Answer 76

FCC at federal level, private litigants and the states attorney general at state level but must notify FCC

Question 77

State laws are not preempted by TCPA, T or F

Answer 77

True, they are not

Question 78

State laws are not preempted by TSR, T or F

Answer 78

True, they are not

Question 79

The right to financial privacy act doesn’t apply to …

Answer 79

Corporations or Partnerships larger than 5 people

Question 80

The right to financial privacy act is suposed to ..

Answer 80

restrict government access to personal financial information

Question 81

Right to financial privacy disclosure rules

Answer 81

consent, subpoena, warrant, formaly request from a federal agency

Question 82

Right to financial privacy act, consent rules

Answer 82

not in excess of 3 months, authorization can be revoked prior to disclosure, to a specific document, identify the government authority, purpose for disclosure, customer’s rights

Question 83

Right to financial privacy act, subpoena rules

Answer 83

quash in 10 days, 14 if mailing, government must have reason to believe the informaiton is relevant to a ligitimate law enforcement inquiry, customer gets a copy

Question 84

Right to financial privacy act, warrant rules,

Answer 84

mail a copy of the search warrant to the customer within 90 days, court may delay the notification for 180 days

Question 85

Right to financial privacy act, formal written request rules

Answer 85

is an option when no summons or subpoena is available

Question 86

Right to financial privacy act, exemptions that apply to financial institutions

Answer 86

the exceptions are called suspicious activty reports (SARs)

Question 87

Right to financial privacy act, exemptions in addition to SARs

Answer 87

A bank can give up your records to perfect a security interest, for bankruptcy, collect a debt, or for a government loan or benefit

Question 88

The right to financial privacy act was ammended by the US Patriot Act

Question 89

Right to financial privacy act, US Patriot Act, private cause of action heard in what court..

Answer 89

Federal court

Question 90

Katz v. United States

Answer 90

warrant for a wire tap

Question 91

Plamondon (Keith case)

Answer 91

4th ammendment warrant requirements intersected with national security

Question 92

Artical II Constitution, President has …

Answer 92

Plenary power or foreign affairs

Question 93

Domestic surveillance is subject to what..

Answer 93

4th amendment warrant requirements, only applies to US citizens

Question 94

What is FISA

Answer 94

Foreign intelligence serveillance act, engage in surveillance for national security

Question 95

FISA revised by US Patriot Act

Answer 95

to fight terrorism, demanded more detailed reporting, more transparency

Question 96

Edward Snowden released documents led to what..

Answer 96

US Freedom Act which ended bulk record collecting

Question 97

FISC is what

Answer 97

Foreign intelligence surveillance court

Question 98

FISC is composed of what

Answer 98

11 judges appointed by the chief justice, judges serve for 7 years

Question 99

FISC friend of the cour

Answer 99

amicus curiae, US Freedom Act

Question 100

Attorney General to review every application for what

Answer 100

a FISA order before it is submitted to the FISC

Question 101

FISA order needs what to be issued

Answer 101

probable cause, foreign power or agent of a foreign power

Question 102

FISA application process

Answer 102

minimization procedures, significant purpose

Question 103

FISA order also permit..

Answer 103

pen registers, trap and trace

Question 104

FISA application denials can be appealed to ..

Answer 104

court of review, if that is denied then the supreme court

Question 105

Color of law is what..

Answer 105

appearance of lawful power when you don’t have it, it’s a criminal offense

Question 106

US Patriot Act, any tangible thing

Answer 106

anyting that would advance the investigation into foreign intelligence

Question 107

Any tangible thing, recipients of the order..

Answer 107

are prohibited to disclose they have the order

Question 108

Any tangible thing,

Answer 108

people complying are immune from liability

Question 109

US Patriot Act, intercept computer communications if..

Answer 109

owner gives consent, official investigation, content relevant to investigation, interception doesn’t get comms other than those transmitted

Question 110

Foreign intelligence info of persons outside the US..

Answer 110

Can be done, 1 year, Attorney General and Dir of National Intelligence must authorize it

Question 111

Foreign intelligence info of persons outside the US, once approved..

Answer 111

FISC to review and approve, has to meet minimization and targeting rules

Question 112

Upstream surveillance is what

Answer 112

information from internet backbone, the physical infrastructure

Question 113

PRISM or Downstream surveillance is what

Answer 113

information from internet companies

Question 114

After the fact surveillance disclosures aren’t permitted, T or F

Answer 114

t

Question 115

Amicus curiae from the US Patriot Act was permitted to what..

Answer 115

increase transparency

Question 116

Surveillance reporting…

Answer 116

Congress mandated a bunch of reporting around the number of FISA orders and NSLs; this was added as a requirement to the US Freedom Act

Question 117

Civil proceedings rules are called..

Answer 117

Federal Rules of Civil Procedure (FRCP)

Question 118

Discovery devices

Answer 118

Requests for production, Depositions, Interrogatories, Requests for admission, Subpoena

Question 119

Subpoena must have

Answer 119

the court, title, person, rules to challenge

Question 120

All discovery devices must be personally served, T or F

Answer 120

T

Question 121

What is privilege

Answer 121

Not to disclose information

Question 122

Discovery rule changes.. why

Answer 122

for electronic information

Question 123

New discovery rules now include what

Answer 123

emails, databases, server logs, text messages, voicemails, thumb drives, etc.

Question 124

Sedona conference

Answer 124

best practices for e-discovery, data management, data retention, information governance

Question 125

Aerospaciale, comity analysis

Answer 125

importance, specificity, originated in the U.S., alternative means, non compliance undermine U.S. interests

Question 126

Filing suite in a U.S. court means..

Answer 126

subject yourself to U.S. rules

Question 127

Sedona conference, act in good faith

Answer 127

get out of jail free card

Question 128

Lewy v. Remington Arms

Answer 128

Sedona conference, good example of good faith

Question 129

Sedona conf, business judgement rule

Answer 129

corp decisions are made in the best interests of the corporation

Question 130

Attorney’s eyes only

Answer 130

prevent private information from being disclosed

Question 131

What is a protective order

Answer 131

prevents information disclosure

Question 132

Rule 26 of Federal Rules of Civil Procedure (FRCP)

Answer 132

permits a protective order, annoyance, embarrassment, etc.

Question 133

Rule 5.2 of Federal Rules of Civil Procedure (FRCP)

Answer 133

Redaction of specific information

Question 134

At will

Answer 134

relationship between employee and employer

Question 135

At will, can be modified with

Answer 135

a contract

Question 136

Contract between the employer and the labor union

Answer 136

collective bargaining agreement

Question 137

Governament employers have to worry about

Answer 137

constitutional provisions in the workplace

Question 138

SEC law, disclose salaries of..

Answer 138

certain C-level executives, public companies

Question 139

Consumer reports and the workplace…

Answer 139

Fair and Accurate Credit Transactions Act (FACTA), how consumer reports are used

Question 140

Background checks are included in what law

Answer 140

Fair Credit Reporting Act (FCRA), regulated by the FTC

Question 141

Depart of Labor (DOL) developed what..

Answer 141

welfare of the wage

Question 142

Department of Labor (DOL) rule making for

Answer 142

Fair Labor Standards Act (FLSA), Employment Retirement Income Security Act (ERISA), Occupational Safety and Health Administration (OSHA)

Question 143

Equal Employment Opportunity Commission (EEOC)

Answer 143

Antidiscrimination laws, Title VII of Civil Rights Act, American Disabilities Act, Age Discrimination Employment Act,

Question 144

Equal Employment Opportunity Commission (EEOC) stats

Answer 144

5 members, no more than 3 of the same political party, appointed by the President for no more than 5 years, separate General Counsel serves 4 years and conducts litigation

Question 145

National Labor Relations Board (NLRB) does what

Answer 145

Right to join unions, negotiates collective bargaining agreements

Question 146

Title VII Civil Rights Act significan revisions

Answer 146

Civil Rights Act of 1991 and Lilly Ledbetter Fair Pay Act

Question 147

Equal Employment Opportunity Commission (EEOC) applies to companies with how many employees

Answer 147

15 or more

Question 148

Title VII Civil Rights Act created what

Answer 148

Equal Employment Opportunity Commission (EEOC)

Question 149

EEOC has broad authority to prohibit what

Answer 149

unlawful employment practices, given to them by Title VII

Question 150

EEOC, how many days to serve a charge

Answer 150

10 days

Question 151

EEOC investigative threshold

Answer 151

reasonable cause

Question 152

EEOC may file a civil action, T or F

Answer 152

T

Question 153

EEOC general public importance, how many judges

Answer 153

3

Question 154

American Disabilities Act (ADA) applies to what companies

Answer 154

15 or more people

Question 155

Civil Rights Act Title I does what

Answer 155

Covered entities can’t discriminate based on disability

Question 156

ADA, Toyota v. Williams

Answer 156

carpal tunnel not a disability

Question 157

ADA, Sutton v. United Airlines

Answer 157

Myopia not a disability

Question 158

ADA, medical exams

Answer 158

can be required as a condition of a job offer if, all entering employees are subject to it, medical condition results are kept separate, results only used in accordance with the ADA

Question 159

ADA, medical exams .. another fact

Answer 159

medical exams are permitted if both job related and consistent with business necessity

Question 160

ADA, drug testing is not considered a medical exam, T or F

Answer 160

T

Question 161

Genetic Information Nondiscrimination Act (GINA) is overseen by

Answer 161

HHS

Question 162

GINA is tied to what other laws

Answer 162

Employement Retirement Income Security Act (ERISA), Social Security Act, HIPAA

Question 163

GINA protected under Chapter 21 of Title 42 which is enforced by

Answer 163

EEOC

Question 164

Civil Rights Act Title II and GINA

Answer 164

prohibits discrimination for genetic info, but age and sex are excluded

Question 165

GINA, Employers requesting info, exceptions, they can request if

Answer 165

inadvertent, voluntary wellness program, to comply with Family Medical Leave Act, commercially publically available, for law enforcement

Question 166

GINA rules also apply to

Answer 166

employment agencies, labor unions, training programs

Question 167

GINA info has to be kept…

Answer 167

in a separate file and treated as confidential medical information

Question 168

Places with laws about automated employment decision tools

Answer 168

Illinois, Maryland, New York City

Question 169

Automated employment tooling, Illinois

Answer 169

Video Interview Act

Question 170

Automated employment tooling, Maryland

Answer 170

Facial recognition

Question 171

Automated employment tooling, New York City

Answer 171

Bias audit

Question 172

ADA issues, automated employment tooling

Answer 172

reasonable accommodations, screens out poeple with disabilities,

Question 173

ADA guidance, automated employement tooling

Answer 173

transparent, provide notice, essential functions, a company’s vendors comply with the same guidance

Question 174

EEOC, iTutor Group, automated employment tooling

Answer 174

excluded females over 55, men over 60

Question 175

National Child Protection Act permits access to the National Crime Information Center… why

Answer 175

Background checks

Question 176

Why do background checks

Answer 176

protects the employer

Question 177

ADA medical testing in Pre Offer stage is

Answer 177

prohibitted

Question 178

Far reaching law impacting hiring process

Answer 178

Fair Credit Reporting Act (FCRA) , governs the use of Consumer Reports

Question 179

FCRA left certain state laws in place

Answer 179

California Investigative Consumer Reporting Agencies Act which limits the use of credit information

Question 180

9 states that copied Californias ICRAA

Answer 180

Colorado, Connecticut, Hawaii, Illinois, Maryland ,Nevada, Oregon, Vermont, Washington; and DC, Chicago, NYC, and Philadelphia

Question 181

Methods of pre-employment screening

Answer 181

Personality, Psychological Evals, Polygraph

Question 182

ADA, some psychological testing may be considered a medical eval, T or F

Answer 182

t

Question 183

Employee Polygraph Protection Act (EPPA) does what

Answer 183

Employers prohibited from using lie detctor test unless, government, national defense, business provides security, transport of certain types of goods, companies that make or distribut controlled substances, investigations for economic loss, injury, theft

Question 184

EPPA, keep statements for how long

Answer 184

3 years

Question 185

EPPA, adverse action

Answer 185

brief the employee, give a copy of the results and questions asked, results only disclosed to the person, employer, or the court

Question 186

EPPA, rule making authority

Answer 186

Secretary of Labor, also has subpoena power for investigations

Question 187

Drug testing, Government employers, which ammendment

Answer 187

Fourth

Question 188

Drug testing, private sector, which law

Answer 188

ADA

Question 189

States, drug testing, reasonable suspicion

Answer 189

Iowa, Minnesota, Connecticut

Question 190

Social media privacy

Answer 190

as long as the employee’s actions don’t negatively impact the employer

Question 191

Employee monitoring written policy

Answer 191

purpose, what’s monitored, how, what’s info is stored, how being used, who disclosed to

Question 192

Multi national companies may need different monitoring policies, T or F

Answer 192

t

Question 193

Wiretap Act, Eletronic Communication Privacy Act (ECPA) enforce what

Answer 193

employee monitoring

Question 194

One party consent

Answer 194

Wiretap Act, one party has to agree to being recorded

Question 195

Two party consent

Answer 195

Wiretap Act, both parties on the call have to agree to being recorded

Question 196

CCTV doesn’t record audio so it’s not subject to what

Answer 196

Wiretap act

Question 197

State that prohibits CCTV

Answer 197

Michigan

Question 198

Eletronic Communication Privacy Act (ECPA) Title II is what act

Answer 198

Stored Communication Act (SCA), email monitoring

Question 199

Email monitoring is illegal unless

Answer 199

The person or entity providing the email service agrees

Question 200

Two states with strict employer communication laws (email, phone, etc)

Answer 200

Deleware, Connecticut

Question 201

When is mail considered delivered

Answer 201

when it reaches the business

Question 202

GPS monitoring guidelines

Answer 202

during business hours, for business purposes, monitoring has been disclosed

Question 203

States with additional GPS monitoring laws

Answer 203

California, Minnesota, Tennessee, Texas

Question 204

BYOD can create what

Answer 204

security vulnerabilities

Question 205

Data loss prevention (DLP) is a strategy for

Answer 205

unauthorized access or misuse of sensitive data

Question 206

Collective bargaining agreements can

Answer 206

modify the obligations an employer has on its workforce

Question 207

National Labor Relations Board (NLRB), Colgate

Answer 207

video surveillance

Question 208

National Labor Relations Board (NLRB), Purple Communications

Answer 208

email monitoring, union organizing

Question 209

Investigating employee misconduct guidelines

Answer 209

take seriously, fairness, follow laws and company policies, documentation

Question 210

Important aspect of employmee investigation policies is

Answer 210

ensure a company properly documents employee performance problems

Question 211

Fair Credit Reporting Act (FCRA) and employee misconduct investigations

Answer 211

If the investigation involves a consumer report, FTC provided an opinion in the Vail Letter

Question 212

FTC Vail Letter said what

Answer 212

Third party investigations of employees were subject to the Fair Credit Reporting Act (FCRA) and needed to disclose this to the employee

Question 213

FACTA and Vail Letter

Answer 213

Fair and Accurate Credit Transaction Act (FACTA) ammended FCRA, employers don’t need to disclose they are conducting an employee investigation

Question 214

FACTA employee investigation disclosure rules

Answer 214

don’t need to disclose if investigating employee misconduct, related to compliance with laws or company policies, not investigating credit worthiness, communication only proivded to employer or agent, government, regulatory authority, required by law

Question 215

HIPAA excludes what records

Answer 215

employment records held by a covered entity

Question 216

Who enforces the Family Medical Leave Act

Answer 216

Department of Labor

Question 217

HIPAA, employment records, ADA, GINA, FMLA stuff must be kept

Answer 217

All kept away from each other in separate files

Question 218

State with a law to provide a reference after termination

Answer 218

Kansas

Question 219

After termination

Answer 219

Restrict access, keep employee records, maintain good will

Question 220

Jurisdictional nexus

Answer 220

Activities of the business or person and the intersect with the state

Question 221

Tenth ammendment and state law

Answer 221

Tenth ammendment gives states the right to pass laws

Question 222

What do federal regulations streamline

Answer 222

nationwide baseline compliance

Question 223

State unfair and deceptive acts and practices (UDAP) and AG’s

Answer 223

UDAP give state attorney gernals authority to bring enforcement actions

Question 224

Federal law can limit state law through..

Answer 224

preemption and limiting where federal claims may be filed

Question 225

Federal courts hear cases about what

Answer 225

the constitution or federal law

Question 226

State courts hear cases about what

Answer 226

states have a general jurisdiction

Question 227

Removal jurisdiction

Answer 227

moving a case from state court to have it heard in federal court

Question 228

States with laws like TCPA, TSR, CAN-SPAM

Answer 228

Alabama, plus all states got together to in-act 8 anti-robocall principles

Question 229

California Online Privacy Protection Act (CalOPPA) requires ..

Answer 229

website operators to conspiciously post its privacy policy on websites and mobile apps; also Do Not Track policy

Question 230

States allow a free credit report more frequently

Answer 230

Colorado, Georgia, Maine, Maryland, Massachusetts, New Jersey, Vermont

Question 231

States with laws about how credit scores are utilized

Answer 231

California, Colorado

Question 232

California Financial Information Privacy Act did what

Answer 232

Called California SB-1, consumers to opt-in in writing, entitled to opt out

Question 233

One entity with jurisdiction over many financial institutions

Answer 233

NYDFS, new york dept of financial services

Question 234

NYDFS has strict cybersecurity requirements..

Answer 234

most strict of all states, far beyond GLBA

Question 235

FTC upgraded the GLBA safeguards to match what..

Answer 235

NYDFS, new york dept of financial services cybersecurity requirements

Question 236

There is no federal law that governs data security or imposes universal security standards, T or F

Answer 236

t

Question 237

HIPAA governs what market sector

Answer 237

Healthcare

Question 238

GLBA governs what market sector

Answer 238

Finance

Question 239

FTC can bring enforcement for failure to adopt..

Answer 239

adequate security measures… under section 5 of unfair or deceptive trade

Question 240

FTC enforcement, failure to adopt adequate security, against who

Answer 240

Uber, Lenovo, D-Link

Question 241

NYDFS has become the ..

Answer 241

gold standard for government mandated security practices

Question 242

Massachusetts minimum security standards

Answer 242

one employee to maintain an infosec program, risk mgmt, policies, disciplinary measures, terminated employee no access, vendor mgmt, physical access controls, monitoring, incident mgmt

Question 243

What state codified PCI-DSS into law

Answer 243

Washington, similar to what Minnesota did

Question 244

SSN Confidentiality Act did what

Answer 244

federal law, prohibits SSNs from being visible in the envelope window

Question 245

California SSN law

Answer 245

Probhibit SSN from public display, printed on access cards, requiring it be transmitted over the internet, requiring it to be used to access a website, it being on printed materials mailed to homes, selling it

Question 246

Colorado data destruction law

Answer 246

businesses using documents containing persnal information must develop data destruction and disposal policies

Question 247

States require the implementation of minimum security standards, T or F

Answer 247

t

Question 248

North Carolina data destruction law

Answer 248

defines reasonable data destruction measures as, can’t be read or reconstructed,

Question 249

Subcontracting data destruction is permitted, T or F

Answer 249

True, think Iron Mountain

Question 250

Vermont started to make data brokers register annually, why

Answer 250

to regulate them, California and Illinois are following suite

Question 251

States that have cookie and online tracking laws

Answer 251

California and Virginia

Question 252

Key definitions for data breach laws

Answer 252

who is covered, the term personal information, the term data breach

Question 253

Data breach definition

Answer 253

When personal information is accessed or acquired without authorization

Question 254

After a breach is determined, what is the next step

Answer 254

determine what notification obligations exist

Question 255

State data breach notification laws require what..

Answer 255

any state resident that is affected be notified

Question 256

If a data processor is breached they must what..

Answer 256

disclose the breach to the owner or licensee of the data

Question 257

Data breach, States also require notification to govt agencies, california..

Answer 257

California Dept of Health Services

Question 258

Data breach, States, also require notification to..

Answer 258

Attorney General, and Credit Reporting Agencies

Question 259

Data breach, notification timing, common phrase..

Answer 259

the most expeditious time possible and without unreasonable delay, 8 states say within 45 days

Question 260

Data breach, notification timing, Puerto Rico

Answer 260

10 days, then 24 hours

Question 261

Data breach, notification standard, which state

Answer 261

North Carolina

Question 262

Data breach, notification template

Answer 262

description, information type, steps to protect info,

Question 263

Can a company draft one breach notice and send it nationwide

Answer 263

No, certain states have certain requirements

Question 264

Is a written breach notice required to inform consumers in every state

Answer 264

No, some states allow for electronic communication if there is prior consent

Question 265

Breach notification exceptions

Answer 265

Where more stringent law applies, an organization follows it’s own breach notification procedures, when data was encrypted, redacted, or otherwise unusable

Question 266

Data breach notification enforement, State Attorney’s General

Answer 266

Can get involved when an organization fails to comply with the law

Question 267

Data breach private cause of action

Answer 267

is possible under UDAP statutes in some states

Question 268

Which state first adopted data breach notification law

Answer 268

California SB-1386

Question 269

What is the first comprehensive data protection law in the U.S.

Answer 269

California Consumer Protection Act (CCPA)

Question 270

Which law expands upon the California Consumer Protection Act (CCPA)

Answer 270

California Privacy Rights Act (CPRA)

Question 271

California’s definition of personal information

Answer 271

First name and last name, or first initial and last name, in combination with other stuff

Question 272

California’s data breach encryption exception

Answer 272

notification to consumers is necessary only if the data isn’t encrypted

Question 273

California’s data breach notification timing

Answer 273

most expedient time without unreasonable delay, consistent with the legitimate needs of law enforcement

Question 274

California’s data processor notification requirements

Answer 274

are placed on the data controller

Question 275

California’s data breach notification content

Answer 275

disclosures in plain language, specificity, and a bunch of stuff

Question 276

Any data breach disclosure complying with federal law will satisfy California requirement

Answer 276

t

Question 277

California allows for both written and electronic data breach notificaitons

Answer 277

t

Question 278

California data breach notification, if over 500K people

Answer 278

a substitute notice may be used

Question 279

California data security law excludes what data

Answer 279

publically available and encrypted data

Question 280

California data security law, disposal of data

Answer 280

shredding, erasing, make unreadable or undecipherable

Question 281

Scope of California Consumer Protection Act (CCPA)

Answer 281

> 25M in revenue, personal info of 50K people, get 50% of its revenue from selling personal info

Question 282

California Consumer Privacy Act (CCPA), Third Parties

Answer 282

Third parties are prohibited from selling personal information unless the consumer receives notice and the opportunity to opt out

Question 283

The definition of a consumer under the CCPA

Answer 283

Any natural person who is a California resident

Question 284

The California Consumer Privacy Act does not apply to what type of information

Answer 284

deidentified or aggregated information

Question 285

The term Sale in the context of personal information

Answer 285

it’s a long definition but ends with “for monetary or other valuable consideration”

Question 286

California Consumer Privacy Act (CCPA) and notice

Answer 286

provide notice at or before collection, what’s collected, how used, categories, rights, how to exercise the rights, etc.

Question 287

California Consumer Privacy Act (CCPA) consumer rights

Answer 287

Notice, Opt Out, Request Disclosure, Access, Deletion, Not to be dscriminated against

Question 288

Who enforces the CCPA

Answer 288

California attorney general

Question 289

CCPA does provide a private cause of action for what

Answer 289

Data breach

Question 290

What did the California Privacy Rights Act (CPRA) create

Answer 290

the California Privacy Protection Agency (CPPA)

Question 291

California Privacy Protection Agency (CPPA) stats

Answer 291

5 member board, enforcement authority transferred from California Attorney General to the CPPA

Question 292

California Privacy Protection Agency (CPPA) board members need

Answer 292

qualifications in privacy and technology

Question 293

California Privacy Rights Act (CPRA) includes sensitive information

Answer 293

t

Question 294

California Privacy Rights Act (CPRA) includes public records made available by the government

Answer 294

t

Question 295

What did the California Privacy Rights Act (CPRA) strengthen

Answer 295

transparency and accountability requirements under the CCPA

Question 296

California Privacy Rights Act (CPRA) security requirement

Answer 296

CPRA incorporated security requirements into the CCPA

Question 297

California Privacy Rights Act (CPRA) mandates that controllers..

Answer 297

enter into written contracts with 3rd party data vendors

Question 298

California Privacy Rights Act (CPRA) broadened rights

Answer 298

correct information, use of sensitive info, automated decision making, delete info, expanded access, expanded opt out

Question 299

California Age Appropriate Design Code Act (AADC)

Answer 299

Prohibits advertising directed at children, profiling of children, dark patterns

Question 300

California Age Appropriate Design Code Act (AADC) defines children as

Answer 300

anyone under 18

Question 301

States adopting laws similar to the CCPA

Answer 301

Virginia, Colorado, Utah, Connecticut

Question 302

Virginia Consumer Data Protection Act (VCDPA)

Answer 302

makes Virginia the only state to implement comprehensive privacy laws

Question 303

Who is exempt from the Virginia Consumer Data Protection Act (VCDPA)

Answer 303

GLBA, HIPPA, and non profits

Question 304

Virginia Consumer Data Protection Act (VCDPA) is close to the GDPR

Answer 304

t

Question 305

Virginia Consumer Data Protection Act (VCDPA) time to respond to data subject request

Answer 305

without undue delay, no later than 45 days

Question 306

Virginia Consumer Data Protection Act (VCDPA) private cause of action

Answer 306

No

Question 307

Virginia Consumer Data Protection Act (VCDPA) enforced by

Answer 307

State attorney general

Question 308

Virginia Consumer Data Protection Act (VCDPA) rule making authority

Answer 308

No rule making authority, Data Controllers have to rely on the text of the statute

Question 309

Colorado Privacy Act (CPA) doesn’t include

Answer 309

HIPPA, GLBA, COPPA, FERPA

Question 310

Colorado Privacy Act (CPA) includes what.. that no one else does

Answer 310

It applies to non profits

Question 311

VCDPA and the CPA have a controller / processor framework and the CCPA has a

Answer 311

business / affiliate framework

Question 312

Colorado Privacy Act (CPA) codifies that

Answer 312

a person not limitted in processing or fails to follow the instructions of the controller, now is considered the controller

Question 313

Colorado Privacy Act (CPA), processors can use subcontractors

Answer 313

No

Question 314

Colorado Privacy Act (CPA) calls for adoption of

Answer 314

appropropriate technical and organizational safegaurds, data processing contracts, controllers to conduct data protection assessments where there is a hightened risk of harm

Question 315

Colorado Privacy Act (CPA) rights

Answer 315

opt out, access, correct, delete, portability

Question 316

Colorado Privacy Act (CPA) private cause of action

Answer 316

No

Question 317

Colorado Privacy Act (CPA) enforcement

Answer 317

State attorney general, local district attorneys, covered under the state UDAP

Question 318

Colorado Privacy Act (CPA) rule making

Answer 318

lies with the State attorney general

Question 319

Utah Consumer Privacy Act (UCPA) excludes what from personal data

Answer 319

aggregated data

Question 320

Utah Consumer Privacy Act (UCPA) enforcement

Answer 320

State attorney general

Question 321

Utah Consumer Privacy Act (UCPA) time to fix a violation

Answer 321

30 days

Question 322

Connecticut Personal Data Privacy and Online Monitoring Act does not apply to

Answer 322

publically available info and personal data solely used for payment transactions, i.e. completing a sale

Question 323

Connecticut Personal Data Privacy and Online Monitoring Act list of rights

Answer 323

access, correct, delete, portability, universal opt out signals

Question 324

Connecticut Personal Data Privacy and Online Monitoring Act enforcement

Answer 324

Attorney general, no private cause of action

Question 325

Connecticut Personal Data Privacy and Online Monitoring Act days to fix a problem

Answer 325

60 days

Question 326

California Electronic Communications Privacy Act

Answer 326

can’t search phones or online accounts without a court order or consent or an emergency

Question 327

Deleware Online Personal Privacy Protection Act DOPPA)

Answer 327

Deleware’s version of COPPA but childeren are anyone under 18

Question 328

Deleware Online Personal Privacy Protection Act DOPPA) advertising..

Answer 328

Prohibits ads for tobacco, firearms, tanning equipment..

Question 329

Nevada Privacy of Information Collected on the Internet from Consumers Act SB 538 exemptions

Answer 329

FCRA, fraud prevention, publically available, drivers privacy protection act, GLBA

Question 330

Nevada Privacy of Information Collected on the Internet from Consumers Act SB 538 primary requirement

Answer 330

to provide an online notice and designated request address to no sell data, have 60 days to process it

Question 331

Nevada Privacy of Information Collected on the Internet from Consumers Act SB 538 time to fix issues

Answer 331

30 days

Question 332

Nevada Privacy of Information Collected on the Internet from Consumers Act SB 538 “sale” extends to

Answer 332

data brokers

Question 333

Illinois Geolocation Privacy Protection Act and Right to Know Act

Answer 333

Vetoed by the governor, affirmative express consent before getting geolocation info from a consumer’s device

Question 334

New Jersey Personal Information and Privacy Protection Act

Answer 334

when retailers can scan a person’s identification card, sale of the data is prohibited

Question 335

Washington state Biometric Privacy Law

Answer 335

can’t put biometric data into a database for commercial purposes without adequate notice, consent obtained, and can prevent subsequent use

Question 336

New York’s SHIELD Act expands

Answer 336

private information and data breach

Question 337

New York’s SHIELD Act private information is

Answer 337

biometric data, account number, user names

Question 338

New York’s SHIELD Act data breach..

Answer 338

when private information is accessed without authorization

Question 339

New York’s SHIELD Act data breach exemption

Answer 339

when it was accessed by accident

Question 340

New York’s SHIELD Act also requires

Answer 340

develop, implement, maintain reasonable safeguards to protect security and disposal

Question 341

New York’s SHIELD Act requires safegaurds in line with a company’s

Answer 341

size and complexity

Question 342

Illinois Student Online Personal Protection Act (SOPPA)

Answer 342

most comprehensive privacy for student records, info is called covered info, any personally identifiable information

Question 343

Illinois Student Online Personal Protection Act (SOPPA) operators..

Answer 343

are prohibited from advertising, profiling, selling, or disclosing covered information

Question 344

Illinois Student Online Personal Protection Act (SOPPA) school requirements and state board of education requirements

Answer 344

no selling, or disclosing, there are some exceptions, and the school needs a privacy officer

Question 345

Tennessee SB 2005 data breach notification

Answer 345

encrypted data is no longer an excluded, you have to notify consumers

Question 346

Illinois HB 1260 data breach notification

Answer 346

encrypted data is not excluded if there is a risk the key was compromised

Question 347

Illinois HB 1260 data breach medical information

Answer 347

medical info, biometric info, health insurance info now in scope

Question 348

Illinlois HB 1260 data breach notification to attorney general

Answer 348

HIPPA regulated entities have to notify the attorney general now if there is a breach

Question 349

New Mexico HB 15 data breach laws

Answer 349

apply to encrypted and non encrypted data, biometric data, personal health information

Question 350

South Dakota data breach law

Answer 350

don’t need to notify if there is no harm to consumers but you must notifiy the attorney general

Question 351

Massachusetts HB 4806 data breach law

Answer 351

similar to the Fair Credit Reporting Act (FCRA) requirements, the data breach laws regulate the credit reporting agencies