RFI

Question 1

General authority

Answer 1

Blanket authority to regulate a specific field

Question 2

Specific authority

Answer 2

Authority over a specific regulation. Specific authorities are assigned (COPPA)

Question 3

CCPA Do not sell doesn’t include…

Answer 3

Public information like social media

Question 4

Covered entity in a state breach notification law

Answer 4

Those that will receive the notifications

Question 5

FACTA requires (7)

Answer 5

Truncating numbers
Credit score explanations
Free credit report
Disposal rule
Red flag rules
Limits on sharing
Ensuring accuracy

Question 6

CANSPAM opt out best practice

Answer 6

Offer opt out in the marketing channel.

Question 7

What must an employer provide if they deny employment because of a CRA?

Answer 7

Notice of adverse action

Question 8

21st Century Cares does not protect…

Answer 8

PI in the public interest

Question 9

PCI-DSS, AdChoices, and TrustArc certification are all…

Answer 9

Self-regulatory systems for complying with industry standards and best practices

Question 10

Which self-regulatory framework does the Digital Advertising Alliance run?

Answer 10

AdChoices

Question 11

What does AdChoices allow?

Answer 11

Setting preferences for ads

Question 12

Which state is considered to have the strictest data security law?

Answer 12

Massachusetts
(Requires administrative, technical, and physical safeguards)

Question 13

ADEA

Answer 13

Age Discrimination in Employment Act

Question 14

Title VII of the Civil Rights Act prohibits…

Answer 14

Discrimination based on race, color, religion, sex, and national origin

Question 15

Telemarketing sales rule requirements (3)

Answer 15

No calls before 8AM and after 9PM
CallerID must identify caller
Sweepstakes calls allowed if there is an “established business relationship”

Question 16

Does FERPA include police, employment, health records?

Answer 16

No

Question 17

Does FERPA cover grades from peer-graded papers?

Answer 17

No

Question 18

Does FERPA cover alumni records?

Answer 18

No

Question 19

What two things matter in data destruction laws?

Answer 19

Definition of PI
Destruction method based on media used

Question 20

Who role has overall responsibility for a privacy program?

Answer 20

CPO

Question 21

Anti-discrimination laws relation to workplace privacy

Answer 21

Minimize collection of PI to avoid identifying people in a protected class

Question 22

Which major privacy law has a disposal rule?

Answer 22

FACTA

Question 23

Asia Safe Harbor Program

Answer 23

CBPR

Question 24

Which state law considers photographs PI?

Answer 24

Washington

Question 25

Which state law protects reading habits?

Answer 25

DOPPA

Question 26

State law that covers retailers scanning ID cards

Answer 26

NJ

Question 27

State law that aligns with NIST framework

Answer 27

NIST

Question 28

ECPA requirements for video monitoring in the workplace

Answer 28

Consent Business purpose