Free CIPM Mock Exam – Practice Online Confidently

Why were the nongovernmental privacy organizations, Electronic Frontier Foundation (EFF) and ElectronicPrivacy Information Center (EPIC), established?

SCENARIOPlease use the following to answer the next question:Perhaps Jack Kelly should have stayed in the U.S. He enjoys a formidable reputation inside the company,Special Handling Shipping, for his work in reforming certain "rogue" offices. Last year, news broke that a policesting operation had revealed a drug ring operating in the Providence, Rhode Island office in the United States.Video from the office's video surveillance cameras leaked to news operations showed a drug exchangebetween Special Handling staff and undercover officers.In the wake of this incident, Kelly had been sent to Providence to change the "hands off" culture that uppermanagement believed had let the criminal elements conduct their illicit transactions. After a few weeks underKelly's direction, the office became a model of efficiency and customer service. Kelly monitored his workers'activities using the same cameras that had recorded the illegal conduct of their former co-workers.Now Kelly has been charged with turning around the office in Cork, Ireland, another trouble spot. The companyhas received numerous reports of the staff leaving the office unattended. When Kelly arrived, he found thateven when present, the staff often spent their days socializing or conducting personal business on their mobilephones. Again, he observed their behaviors using surveillance cameras. He issued written reprimands to sixstaff members based on the first day of video alone.Much to Kelly's surprise and chagrin, he and the company are now under investigation by the Data ProtectionCommissioner of Ireland for allegedly violating the privacy rights of employees. Kelly was told that thecompany's license for the cameras listed facility security as their main use, but he does not know why thismatters. He has pointed out to his superiors that the company's training programs on privacy protection anddata collection mention nothing about surveillance video.You are a privacy protection consultant, hired by the company to assess this incident, report on the legal andcompliance issues, and recommend next steps.What should you advise this company regarding the status of security cameras at their offices in the UnitedStates?

A Human Resources director at a company reported that a laptop containing employee payroll data was lost on the train. Which action should the company take IMMEDIATELY?

SCENARIOPlease use the following to answer the next question:Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner, Anton, hasfound some degree of disorganization after touring the company headquarters. His uncle Henry had alwaysfocused on production – not data processing – and Anton is concerned. In several storage rooms, he has foundpaper files, disks, and old computers that appear to contain the personal data of current and former employeesand customers. Anton knows that a single break-in could irrevocably damage the company's relationship withits loyal customers. He intends to set a goal of guaranteed zero loss of personal information.To this end, Anton originally planned to place restrictions on who was admitted to the physical premises of thecompany. However, Kenneth – his uncle's vice president and longtime confidante – wants to hold off on Anton'sidea in favor of converting any paper records held at the company to electronic storage. Kenneth believes thisprocess would only take one or two years. Anton likes this idea; he envisions a password-protected system thatonly he and Kenneth can access.Anton also plans to divest the company of most of its subsidiaries. Not only will this make his job easier, but itwill simplify the management of the stored data. The heads of subsidiaries like the art gallery and kitchenwarestore down the street will be responsible for their own information management. Then, any unneeded subsidiarydata still in Anton's possession can be destroyed within the next few years.After learning of a recent security incident, Anton realizes that another crucial step will be notifying customers.Kenneth insists that two lost hard drives in question are not cause for concern; all of the data was encryptedand not sensitive in nature. Anton does not want to take any chances, however. He intends on sending noticeletters to all employees and customers to be safe.Anton must also check for compliance with all legislative, regulatory, and market requirements related toprivacy protection. Kenneth oversaw the development of the company's online presence about ten years ago,but Anton is not confident about his understanding of recent online marketing laws. Anton is assigning anothertrusted employee with a law background the task of the compliance assessment. After a thorough analysis,Anton knows the company should be safe for another five years, at which time he can order another check.Documentation of this analysis will show auditors due diligence.Anton has started down a long road toward improved management of the company, but he knows the effort isworth it. Anton wants his uncle's legacy to continue for many years to come.In terms of compliance with regulatory and legislative changes, Anton has a misconception regarding?

SCENARIO -Please use the following to answer the next question:Edufox has hosted an annual convention of users of its famous e-learning software platform, and over time, it has become a grand event. It fills one of the large downtown conference hotels and overflows into the others, with several thousand attendees enjoying three days of presentations, panel discussions and networking. The convention is the centerpiece of the company's product rollout schedule and a great training opportunity for current users. The sales force also encourages prospective clients to attend to get a better sense of the ways in which the system can be customized to meet diverse needs and understand that when they buy into this system, they are joining a community that feels like family.This year's conference is only three weeks away, and you have just heard news of a new initiative supporting it: a smartphone app for attendees. The app will support late registration, highlight the featured presentations and provide a mobile version of the conference program. It also links to a restaurant reservation system with the best cuisine in the areas featured. "It's going to be great," the developer, Deidre Hoffman, tells you, "if, that is, we actually get it working!" She laughs nervously but explains that because of the tight time frame she'd been given to build the app, she outsourced the job to a local firm. "It's just three young people," she says, "but they do great work." She describes some of the other apps they have built. When asked how they were selected for this job, Deidre shrugs. "They do good work, so I chose them."Deidre is a terrific employee with a strong track record. That's why she's been charged to deliver this rushed project. You're sure she has the best interests of the company at heart, and you don't doubt that she's under pressure to meet a deadline that cannot be pushed back. However, you have concerns about the app's handling of personal data and its security safeguards. Over lunch in the break room, you start to talk to her about it, but she quickly tries to reassure you, "I'm sure with your help we can fix any security issues if we have to, but I doubt there'll be any. These people build apps for a living, and they know what they're doing. You worry too much, but that's why you're so good at your job!"What safeguard can most efficiently ensure that privacy protection is a dimension of relationships with vendors?