Question 1

Global Manufacturing Co’s Human Resources department recently purchased a new software tool. This toolhelps evaluate future candidates for executive roles by scanning emails to see what those candidates say andwhat is said about them. This provides the HR department with an automated “360 review” that lets themknow how the candidate thinks and operates, what their peers and direct reports say about them, and how wellthey interact with each other.What is the most important step for the Human Resources Department to take when implementing this newsoftware?

Options :

A : Making sure that the software does not unintentionally discriminate against protected groups.

B : Ensuring that the software contains a privacy notice explaining that employees have no right to privacyas long as they are running this software on organization systems to scan email systems.

C : Confirming that employees have read and signed the employee handbook where they have been advisedthat they have no right to privacy as long as they are using the organization’s systems, regardless of theprotected group or laws enforced by EEOC.

D : Providing notice to employees that their emails will be scanned by the software and creating automatedprofiles.

Answer: A

Question 2

A covered entity suffers a ransomware attack that affects the personal health information (PHI) of more than 500 individuals. According to Federal law under HIPAA, which of the following would the covered entity NOT have to report the breach to?

Options :

A : Department of Health and Human Services

B : The affected individuals

C : The local media

D : Medical providers

Answer: D

Question 3

If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as anagent, the organization must ensure the third party does all of the following EXCEPT?

Options :

A : Uses the transferred data for limited purposes

B : Provides the same level of privacy protection as the organization

C : Notifies the organization if it can no longer meet its requirements for proper data handling

D : Enters a contract with the organization that states the third party will process data according to the consent agreement

Answer: D

Question 4

Which entities must comply with the Telemarketing Sales Rule?

Options :

A : For-profit organizations and for-profit telefunders regarding charitable solicitations

B : Nonprofit organizations calling on their own behalf

C : For-profit organizations calling businesses when a binding contract exists between them

D : For-profit and not-for-profit organizations when selling additional services to establish customers

Answer: D

Question 5

Which of the following is an important implication of the Dodd-Frank Wall Street Reform and ConsumerProtection Act?

Options :

A : Financial institutions must avoid collecting a customer’s sensitive personal information

B : Financial institutions must help ensure a customer’s understanding of products and services

C : Financial institutions must use a prescribed level of encryption for most types of customer records

D : Financial institutions must cease sending e-mails and other forms of advertising to customers who opt out of direct marketing

Answer: B

Free CIPP-C Mock Exam – Practice Online Confidently

Buying Options: