Practice Free CIPT Exam Online Questions
What is the main reason a company relies on implied consent instead of explicit consent from a user to process her data?
- A . The implied consent model provides the user with more detailed data collection information.
- B . To secure explicit consent, a user’s website browsing would be significantly disrupted.
- C . An explicit consent model is more expensive to implement.
- D . Regulators prefer the implied consent model.
Value Sensitive Design (VSD) focuses on which of the following?
- A . Quality and benefit.
- B . Ethics and morality.
- C . Principles and standards.
- D . Privacy and human rights.
Which of the following is an example of an appropriation harm?
- A . A friend takes and uploads your pictures to a social media website.
- B . A hacker gains access to your email account and reads your messages.
- C . A government agency uses cameras to monitor your movements in a public area.
- D . An unauthorized individual obtains access to your personal information and uses it for medical fraud.
D
Explanation:
Appropriation harms occur when someone’s personal information is used without their consent, often for malicious purposes. An unauthorized individual obtaining access to personal information and using it for medical fraud is a clear example of appropriation harm because it involves the misuse of someone’s personal data for fraudulent activities, potentially causing significant financial and personal damage to the victim. The IAPP emphasizes that appropriation harms are serious privacy violations that require stringent safeguards to protect individuals’ personal data from unauthorized use.
Which of the following statements best describes the relationship between privacy and security?
- A . Security systems can be used to enforce compliance with privacy policies.
- B . Privacy and security are independent; organizations must decide which should be emphasized.
- C . Privacy restricts access to personal information; security regulates how information should be used.
- D . Privacy protects data from being viewed during collection and security governs how collected data should be shared.
Which is likely to reduce the types of access controls needed within an organization?
- A . Decentralization of data.
- B . Regular data inventories.
- C . Standardization of technology.
- D . Increased number of remote employees.
Ivan is a nurse for a home healthcare service provider in the US. The company has implemented a mobile application which Ivan uses to record a patient’s vital statistics and access a patient’s health care records during home visits. During one visit, Ivan is unable to access the health care application to record the patient’s vitals. He instead records the information on his mobile phone’s note-taking application to enter the data in the health care application the next time it is accessible.
What would be the best course of action by the IT department to ensure the data is protected on his device?
- A . Provide all healthcare employees with mandatory annual security awareness training with a focus on the health information protection.
- B . Complete a SWOT analysis exercise on the mobile application to identify what caused the application to be inaccessible and remediate any issues.
- C . Adopt mobile platform standards to ensure that only mobile devices that support encryption capabilities are used.
- D . Implement Mobile Device Management (MDM) to enforce company security policies and configuration settings.
D
Explanation:
Problem Identification: Recording patient data on a mobile phone’s note-taking application poses a significant privacy risk.
Solution: Mobile Device Management (MDM) can enforce security policies, such as encryption, secure app installation, and remote wiping of data.
Benefits: MDM ensures that all devices comply with the organization’s security standards, thereby protecting sensitive health information.
Reference: IAPP CIPT Study Guide, Section on Mobile Device Security and Management.
A developer is designing a new system that allows an organization’s helpdesk to remotely connect into the device of the individual to provide support. Which of the following will be a privacy technologist’s primary concern?
- A . Geofencing
- B . Geo-tracking
- C . Geo-tagging
- D . Geolocation
D
Explanation:
A privacy technologist’s primary concern with a system that allows an organization’s helpdesk to remotely connect into the device of the individual would be geolocation. This concern arises because remote access can expose the geographical location of the individual, potentially leading to privacy risks if the location data is improperly handled or accessed. The IAPP’s CIPT materials cover privacy risks associated with geolocation data, stressing the need for careful management of location-based information to protect user privacy.
Value sensitive design focuses on which of the following?
- A . Quality and benefit.
- B . Ethics and morality.
- C . Confidentiality and integrity.
- D . Consent and human rights.
B
Explanation:
Option A: Quality and benefit are important in design but do not specifically capture the essence of value sensitive design, which is more about ethical considerations.
Option B: Value sensitive design integrates considerations of ethics and morality into the technology design process, ensuring that the resulting systems align with human values.
Option C: Confidentiality and integrity are key aspects of information security but are not the primary focus of value sensitive design.
Option D: Consent and human rights are related to privacy and data protection but are narrower than the broader focus of ethics and morality in value sensitive design.
Reference: IAPP CIPT Study Guide
Literature on Value Sensitive Design (VSD) principles and methodologies
A privacy engineer reviews a newly developed on-line registration page on a company’s website. The purpose of the page is to enable corporate customers to submit a returns / refund request for physical goods. The page displays the following data capture fields: company name, account reference, company address, contact name, email address, contact phone number, product name, quantity, issue description and company bank account details.
After her review, the privacy engineer recommends setting certain capture fields as “non-mandatory”. Setting which of the following fields as “non-mandatory” would be the best example of the principle of data minimization?
- A . The contact phone number field.
- B . The company address and name.
- C . The contact name and email address.
- D . The company bank account detail field.
SCENARIO
Carol was a U.S.-based glassmaker who sold her work at art festivals. She kept things simple by only accepting cash and personal checks.
As business grew, Carol couldn’t keep up with demand, and traveling to festivals became burdensome. Carol opened a small boutique and hired Sam to run it while she worked in the studio. Sam was a natural salesperson, and business doubled. Carol told Sam, “I don’t know what you are doing, but keep doing it!”
But months later, the gift shop was in chaos. Carol realized that Sam needed help so she hired Jane, who had business expertise and could handle the back-office tasks. Sam would continue to focus on sales. Carol gave Jane a few weeks to get acquainted with the artisan craft business, and then scheduled a meeting for the three of them to discuss Jane’s first impressions.
At the meeting, Carol could not wait to hear Jane’s thoughts, but she was unprepared for what Jane had to say. “Carol, I know that he doesn’t realize it, but some of Sam’s efforts to increase sales have put you in a vulnerable position. You are not protecting customers’ personal information like you should.”
Sam said, “I am protecting our information. I keep it in the safe with our bank deposit. It’s only a list of customers’ names, addresses and phone numbers that I get from their checks before I deposit them. I contact them when you finish a piece that I think they would like. That’s the only information I have! The only other thing I do is post photos and information about your work on the photo sharing site that I use with family and friends. I provide my email address and people send me their information if they want to see more of your work. Posting online really helps sales, Carol. In fact, the only complaint I hear is about having to come into the shop to make a purchase.”
Carol replied, “Jane, that doesn’t sound so bad. Could you just fix things and help us to post even more online?”
“I can,” said Jane. “But it’s not quite that simple. I need to set up a new program to make sure that we follow the best practices in data management. And I am concerned for our customers. They should be able to manage how we use their personal information. We also should develop a social media strategy.”
Sam and Jane worked hard during the following year. One of the decisions they made was to contract with an outside vendor to manage online sales. At the end of the year, Carol shared some exciting news. “Sam and Jane, you have done such a great job that one of the biggest names in the glass business wants to buy us out! And Jane, they want to talk to you about merging all of our customer and vendor information with theirs beforehand.”
When initially collecting personal information from customers, what should Jane be guided by?
- A . Onward transfer rules.
- B . Digital rights management.
- C . Data minimization principles.
- D . Vendor management principles.