Black Friday Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

IAPP CIPM Questions Answers

Page: 7 / 13
Question 28

What should a privacy professional keep in mind when selecting which metrics to collect?

Options:

A.

Metrics should be reported to the public.

B.

The number of metrics should be limited at first.

C.

Metrics should reveal strategies for increasing company earnings.

D.

A variety of metrics should be collected before determining their specific functions.

Question 29

How do privacy audits differ from privacy assessments?

Options:

A.

They are non-binding.

B.

They are evidence-based.

C.

They are based on standards.

D.

They are conducted by external parties.

Question 30

Which of the following best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?

Options:

A.

Employees must sign an ad hoc contractual agreement each time personal data is exported.

B.

All employees are subject to the rules in their entirety, regardless of where the work is taking place.

C.

All employees must follow the privacy regulations of the jurisdictions where the current scope of their work is established.

D.

Employees who control personal data must complete a rigorous certification procedure, as they are exempt from legal enforcement.

Question 31

SCENARIO

Please use the following to answer the next QUESTION:

It's just what you were afraid of. Without consulting you, the information technology director at your organization launched a new initiative to encourage employees to use personal devices for conducting business. The initiative made purchasing a new, high-specification laptop computer an attractive option, with discounted laptops paid for as a payroll deduction spread over a year of paychecks. The organization is also paying the sales taxes. It's a great deal, and after a month, more than half the organization's employees have signed on and acquired new laptops. Walking through the facility, you see them happily customizing and comparing notes on their new computers, and at the end of the day, most take their laptops with them, potentially carrying personal data to their homes or other unknown locations. It's enough to give you data- protection nightmares, and you've pointed out to the information technology Director and many others in the organization the potential hazards of this new practice, including the inevitability of eventual data loss or theft.

Today you have in your office a representative of the organization's marketing department who shares with you, reluctantly, a story with potentially serious consequences. The night before, straight from work, with laptop in hand, he went to the Bull and Horn Pub to play billiards with his friends. A fine night of sport and socializing began, with the laptop "safely" tucked on a bench, beneath his jacket. Later that night, when it was time to depart, he retrieved the jacket, but the laptop was gone. It was not beneath the bench or on another bench nearby. The waitstaff had not seen it. His friends were not playing a joke on him. After a sleepless night, he confirmed it this morning, stopping by the pub to talk to the cleanup crew. They had not found it. The laptop was missing. Stolen, it seems. He looks at you, embarrassed and upset.

You ask him if the laptop contains any personal data from clients, and, sadly, he nods his head, yes. He believes it contains files on about 100 clients, including names, addresses and governmental identification numbers. He sighs and places his head in his hands in despair.

From a business standpoint, what is the most productive way to view employee use of personal equipment for work-related tasks?

Options:

A.

The use of personal equipment is a cost-effective measure that leads to no greater security risks than are always present in a modern organization.

B.

Any computer or other equipment is company property whenever it is used for company business.

C.

While the company may not own the equipment, it is required to protect the business-related data on any equipment used by its employees.

D.

The use of personal equipment must be reduced as it leads to inevitable security risks.

Page: 7 / 13
Exam Code: CIPM
Exam Name: Certified Information Privacy Manager (CIPM)
Last Update: Nov 24, 2024
Questions: 180
CIPM pdf

CIPM PDF

$25.5  $84.99
CIPM Engine

CIPM Testing Engine

$28.5  $94.99
CIPM PDF + Engine

CIPM PDF + Testing Engine

$40.5  $134.99