Free CIPM Mock Exam – Practice Online Confidently

Which item below best represents how a Privacy Group can effectively communicate with functional areas?  

SCENARIOPlease use the following to answer the next question.Manasa is a product manager at Omnipresent Omnimedia, where she is responsible for leading thedevelopment of the company’s flagship product, the Handy Helper. The Handy Helper is an application that canbe used in the home to manage family calendars, do online shopping, and schedule doctor appointments. Afterhaving had a successful launch in the United States, the Handy Helper is about to be made available forpurchase worldwide.The packaging and user guide for the Handy Helper indicate that it is a “privacy friendly” product suitable for thewhole family, including children, but does not provide any further detail or privacy notice. In order to use theapplication, a family creates a single account, and the primary user has access to all information about theother users. Upon start up, the primary user must check a box consenting to receive marketing emails fromOmnipresent Omnimedia and selected marketing partners in order to be able to use the application.Sanjay, the head of privacy at Omnipresent Omnimedia, was working on an agreement with a Europeandistributor of Handy Helper when he fielded many questions about the product from the distributor. Sanjayneeded to look more closely at the product in order to be able to answer the questions as he was not involvedin the product development process.In speaking with the product team, he learned that the Handy Helper collected and stored all of a user’ssensitive medical information for the medical appointment scheduler. In fact, all of the user’s information isstored by Handy Helper for the additional purpose of creating additional products and to analyze usage of theproduct. This data is all stored in the cloud and is encrypted both during transmission and at rest.Consistent with the CEO’s philosophy that great new product ideas can come from anyone, all OmnipresentOmnimedia employees have access to user data under a program called “Eureka.” Omnipresent Omnimedia ishoping that at some point in the future, the data will reveal insights that could be used to create a fullyautomated application that runs on artificial intelligence, but as of yet, Eureka is not well-defined and isconsidered a long-term goal.What security controls are missing from the Eureka program?

SCENARIO -Please use the following to answer the next question:You were recently hired by InStyle Data Corp. as a privacy manager to help InStyle Data Corp. became compliant with a new data protection law.The law mandates that businesses have reasonable and appropriate security measures in place to protect personal data. Violations of that mandate are heavily fined and the legislators have stated that they will aggressively pursue companies that don't comply with the new law.You are paired with a security manager and tasked with reviewing InStyle Data Corp.'s current state and advising the business how it can meet the “reasonable and appropriate security’ requirement. InStyle Data Corp has grown rapidly and has not kept a data inventory or completed a data mapping. InStyle Data Corp. has also developed security-related policies ad hoc and many have never been implemented. The various teams involved in the creation and testing of InStyle Data Corp.'s products experience significant turnover and do not have well defined roles. There's little documentation addressing what personal data is processed by which product and for what purpose.Work needs to begin on this project immediately so that InStyle Data Corp. can become compliant by the time the law goes into effect. You and your partner discover that InStyle Data Corp. regularly sends files containing sensitive personal data back to its customers, through email, sometimes using InStyle Data Corp employees personal email accounts. You also learn that InStyle Data Corp.'s privacy and information security teams are not informed of new personal data flows, new products developed by InStyle Data Corp. that process personal data, or updates to existing InStyle Data Corp. products that may change what or how the personal data is processed until after the product or update has gone live.Through a review of InStyle Data Corp’ test and development environment logs, you discover InStyle Data Corp. sometimes gives login credentials to any InStyle Data Corp. employee or contractor who requests them. The test environment only contains dummy data, but the development environment contains personal data, including Social Security Numbers, health information, and financial information. All credentialed InStyle Data Corp. employees and contractors have the ability to alter and delete personal data in both environments regardless of their role or what project they are working on.You and your partner provide a gap assessment citing the issues you spotted, along with recommended remedial actions and a method to measure implementation. InStyle Data Corp. implements all of the recommended security controls. You review the processes, roles, controls, and measures taken to appropriately protect the personal data at every step. However, you realize there is no plan for monitoring and nothing in place addressing sanctions for violations of the updated policies and procedures. InStyle Data Corp. pushes back, stating they do not have the resources for such monitoring.What aspect of the data management life cycle have you as Privacy Manager NOT accounted for?

All of the following changes will likely trigger a data inventory update EXCEPT?  

Why were the nongovernmental privacy organizations, Electronic Frontier Foundation (EFF) and ElectronicPrivacy Information Center (EPIC), established?