Questions Flashcards
Which jurisdiction must courts have in order to hear a particular case?
Personal jurisdiction and subject matter jurisdiction
Which authority supervises and enforces laws regarding advertising to children via the Internet?
A. Office of Civil Rights
B. The Federal Trade Commission
C. Dept of Homeland Security
The Federal Trade Commission
According to Section 5 of the FTC Act, self-regulation primarily involves a company’s right to do what?
A. Determine which bodies will be involved in adjudication
B. Decide if any enforcement actions are justified
C. Adhere to its industry’s code of conduct
D. Appeal decisions made against it
Determine which bodies will be involved in adjudication
Which was NOT one of the five priority areas listed by the Federal Trade Commission in its 2012 report, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers”?
A. International data transfers
B. Large platform providers
C. Promoting enforceable self-regulatory codes
D. Do Not Track
International data transfers
The “Consumer Privacy Bill of Rights” presented in a 2012 Obama administration report is generally based on?
A. The 1974 Privacy Act
B. Common law principles
C. European Union Directive
D. Traditional fair information practices
European Union Directive
What is a legal document approved by a judge that formalizes an agreement between a governmental agency and an adverse party called?
A. A consent decree
B. Stare decisis decree
C. A judgment rider
D. Common law judgment
A consent decree
Our website uses cookies. Cookies allow us to identify the computer or device you’re using to access the site, but they don’t identify you personally. For instructions on setting your Web browser to refuse cookies, click here.
What type of legal choice does not notice provide?
A. Mandatory
B. Implied consent
C. Opt-in
D. Opt-out
Answer: C. Opt in? *check
Hypo: What is the best reason for Cheryl (owner) to follow Janice’s (lawyer) suggestion about classifying customer data?
A. It will help employees stay better organized
B. It will help the company meet a federal mandate
C. It will increase the security of customers’ personal information (PI)
D. It will prevent the company from collecting too much personal information (PI)
It will increase the security of customers’ personal information (PI)
What is the most likely risk of Fitness Coach, Inc. adopting Janice’s first draft of the privacy policy?
A. Leaving the company susceptible to violations by setting unrealistic goals
B. Failing to meet the needs of customers who are concerned about privacy
C. Showing a lack of trust in the organization’s privacy practices
D. Not being in standard compliance with applicable laws
Leaving the company susceptible to violations by setting unrealistic goals.
What is the main problem with Cheryl’s (owner) suggested method of communicating the new privacy policy?
A. The policy would not be considered valid if not communicated in full.
B. The policy might not be implemented consistently across departments.
C. Employees would not be comfortable with a policy that is put into action over time.
D. Employees might not understand how the documents relate to the policy as a whole.
The policy might not be implemented consistently across departments.
Based on the scenario, which of the following would have helped Janice (lawyer) to better meet the company’s needs?
A. Creating a more comprehensive plan for implementing a new policy
B. Spending more time understanding the company’s information goals
C. Explaining the importance of transparency in implementing a new policy
D. Removing the financial burden of the company’s employee training program
Spending more time understanding the company’s information goals
According to the FTC Report of 2012, what is the main goal of Privacy by Design?
A. Obtaining consumer consent when collecting sensitive data for certain purposes
B. Establishing a system of self-regulatory codes for mobile-related services
C. Incorporating privacy protections throughout the development process
D. Implementing a system of standardization for privacy notices
Answer: C. Incorporating privacy protections throughout the development process
What is the main reason some supporters of the European approach to privacy are skeptical about self-regulation of privacy practices?
A. A large amount of money may have to be spent on improved technology and security
B. Industries may not be strict enough in the creation and enforcement of rules
C. A new business owner may not
B. Industries may not be strict enough in the creation and enforcement of rules
What is the main purpose of the Global Privacy Enforcement Network?
A. To promote universal cooperation among privacy authorities
B. To investigate allegations of privacy violations internationally
C. To protect the interests of privacy consumer groups worldwide
D. To arbitrate disputes between countries over jurisdiction for privacy laws
Answer: A. To promote universal cooperation among privacy authorities
In 2014, Google was alleged to have violated the Family Educational Rights and Privacy Act (FERPA) through its Apps for Education suite of tools. For what specific practice did students sue the company?
A. Scanning emails sent to and received by students
Which venture would be subject to the requirements of Section 5 of the Federal Trade Commission Act?
A. A local nonprofit charity’s fundraiser
B. An online merchant’s free shipping offer
C. A national bank’s no-fee checking promotion
D. A city bus system’s frequent rider program
Answer: B. An online merchant’s free shipping offer.
An organization self-certified under Privacy Shield must, upon request by an individual, do what?
A. Suspend the use of all personal information collected by the organization to fulfill its original purpose.
B. Provide the identities of third parties with whom the organization shares personal information.
C. Provide the identities of third and fourth parties that may potentially receive personal information.
D. Identify all personal information disclosed during a criminal investigation.
Answer: Provide the identities of third parties with whom the organization shares personal information
Which of the following federal agencies does NOT enforce the Disposal Rule under the Fair and Accurate Credit Transactions Act (FACTA)?
A. The Office of the Comptroller of the Currency
B. The Consumer Financial Protection Bureau
C. The Department of Health and Human Services
D. The Federal Trade Commission
Answer: The Dept of Health and Human Services
Please use the following to answer the next question:
A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer’s data handling practices.
The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her withdrawal of consent and request for erasure of her personal data. Your organization, the US-based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: “Please act immediately by identifying all personal data received from our company.”
This is an important partnership. Company executives know that its biggest fans come from Western Europe; and this retailer is primarily responsible for the startup’s rapid market penetration.
As the Company’s data privacy leader, you are sensitive to the criticality of the relationship with the retailer.
At this stage of the investigation, what should the data privacy leader review first?
A. Available data flow diagrams
B. The text of the original complaint
C. The company’s data privacy policies
D. Prevailing regulation on this subject
Answer: Prevailing regulation on this subject
FROM HYPO
Upon review, the data privacy leader discovers that the Company’s documented data inventory is obsolete. What is the data privacy leader’s next best source of information to aid the investigation?
A. Reports on recent purchase histories
B. Database schemas held by the retailer
C. Lists of all customers, sorted by country
D. Interviews with key marketing personnel
Answer: Lists of all customers, sorted by country
From hypo above. Under the General Data Protection Regulation (GDPR), how would the U.S.-based startup company most likely be classified?
Answer: Data controller.
Under the GDPR, the complainant’s request regarding her personal information is known as what?
Right to be Forgotten
In which situation would a policy of “no consumer choice” or “no option” be expected?
A. When a job applicant’s credit report is provided to an employer
B. When a customer’s financial information is requested by the government
C. When a patient’s health record is made available to a pharmaceutical company
D. When a customer’s street address is shared with a shipping company
Answer: When a customer’s street address is shared with a shipping company.
What is the main challenge financial institutions face when managing user preferences?
A. Ensuring they are in compliance with numerous complex state and federal privacy laws
B. Developing a mechanism for opting out that is easy for their consumers to navigate
C. Ensuring that preferences are applied consistently across channels and platforms
D. Determining the legal requirements for sharing preferences with their affiliates
Answer: Ensuring that preferences are applied consistently across channels and platforms.