Practice Free CIPT Exam Online Questions
Which is NOT a drawback to using a biometric recognition system?
- A . It can require more maintenance and support.
- B . It can be more expensive than other systems
- C . It has limited compatibility across systems.
- D . It is difficult for people to use.
SCENARIO
Please use the following to answer the next question:
Light Blue Health (LBH) is a healthcare technology company developing a new web and mobile application that collects personal health information from electronic patient health records. The application will use machine learning to recommend potential medical treatments and medications based on information collected from anonymized electronic health records. Patient users may also share health data collected from other mobile apps with the LBH app.
The application requires consent from the patient before importing electronic health records into the application and sharing them with their authorized physicians or healthcare provider. The patient can then review and share the recommended treatments with their physicians securely through the app. The patient user may also share location data and upload photos in the app for a healthcare provider to review along with the health record. The patient may also delegate access to the app. LBH’s privacy team meets with the application development and security teams, as well as key business stakeholders, on a periodic basis. LBH also implements Privacy by Design (PbD) into the application development process.
The Privacy Team is conducting a Privacy Impact Assessment (PIA) to evaluate privacy risks during development of the application. The team must assess whether the application is collecting descriptive, demographic or any other user related data from the electronic health records that are not needed for the purposes of the application. The team is also reviewing whether the application may collect additional personal data for purposes for which the user did not provide consent.
The Privacy Team is conducting a Privacy Impact Assessment (PIA) for the new Light Blue Health application currently in development.
Which of the following best describes a risk that is likely to result in a privacy breach?
- A . Limiting access to the app to authorized personnel.
- B . Including non-transparent policies, terms and conditions in the app.
- C . Insufficiently deleting personal data after an account reaches its retention period.
- D . Not encrypting the health record when it is transferred to the Light Blue Health servers.
Which of the following became a foundation for privacy principles and practices of countries and organizations across the globe?
- A . The Personal Data Ordinance.
- B . The EU Data Protection Directive.
- C . The Code of Fair Information Practices.
- D . The Organization for Economic Co-operation and Development (OECD) Privacy Principles.
What is the distinguishing feature of asymmetric encryption?
- A . It has a stronger key for encryption than for decryption.
- B . It employs layered encryption using dissimilar methods.
- C . It uses distinct keys for encryption and decryption.
- D . It is designed to cross operating systems.
SCENARIO
Please use the following to answer the next question:
EnsureClaim is developing a mobile app platform for managing data used for assessing car accident insurance claims. Individuals use the app to take pictures at the crash site, eliminating the need for a built-in vehicle camera. EnsureClaim uses a third-party hosting provider to store data collected by the app. EnsureClaim customer service employees also receive and review app data before sharing with insurance claim adjusters.
The app collects the following information:
- First and last name
- Date of birth (DOB)
- Mailing address
- Email address
- Car VIN number
- Car model
- License plate
- Insurance card number
- Photo
- Vehicle diagnostics
- Geolocation
What would be the best way to supervise the third-party systems the EnsureClaim App will share data with?
- A . Review the privacy notices for each third-party that the app will share personal data with to determine adequate privacy and data protection controls are in place.
- B . Conduct a security and privacy review before onboarding new vendors that collect personal data from the app.
- C . Anonymize all personal data collected by the app before sharing any data with third-parties.
- D . Develop policies and procedures that outline how data is shared with third-party apps.
SCENARIO
Please use the following to answer the next question:
Light Blue Health (LBH) is a healthcare technology company developing a new web and mobile application that collects personal health information from electronic patient health records. The application will use machine learning to recommend potential medical treatments and medications based on information collected from anonymized electronic health records. Patient users may also share health data collected from other mobile apps with the LBH app.
The application requires consent from the patient before importing electronic health records into the application and sharing them with their authorized physicians or healthcare provider. The patient can then review and share the recommended treatments with their physicians securely through the app. The patient user may also share location data and upload photos in the app for a healthcare provider to review along with the health record. The patient may also delegate access to the app. LBH’s privacy team meets with the application development and security teams, as well as key business stakeholders, on a periodic basis. LBH also implements Privacy by Design (PbD) into the application development process.
The Privacy Team is conducting a Privacy Impact Assessment (PIA) to evaluate privacy risks during development of the application. The team must assess whether the application is collecting descriptive, demographic or any other user related data from the electronic health records that are not needed for the purposes of the application. The team is also reviewing whether the application may collect additional personal data for purposes for which the user did not provide consent.
What is the best way to ensure that the application only collects personal data that is needed to fulfill its primary purpose of providing potential medical and healthcare recommendations?
- A . Obtain consent before using personal health information for data analytics purposes.
- B . Provide the user with an option to select which personal data the application may collect.
- C . Disclose what personal data the application is collecting in the company Privacy Policy posted online.
- D . Document each personal category collected by the app and ensure it maps to an app function or feature.
What risk is mitigated when routing meeting video traffic through a company’s application servers rather than sending the video traffic directly from one user to another?
- A . The user’s identity is protected from the other user
- B . The user is protected against cyberstalking attacks
- C . The user’s IP address is hidden from the other user
- D . The user is assured that stronger authentication methods have been used
C
Explanation:
Routing meeting video traffic through a company’s application servers rather than sending it directly from one user to another mitigates the risk of exposing the user’s IP address to the other user. By routing traffic through a centralized server, the direct exchange of IP addresses between users is avoided, thereby enhancing privacy and security. The IAPP’s CIPT resources discuss network security measures and their importance in protecting user identities and preventing cyber threats like IP tracking and exposure.
Machine-learning based solutions present a privacy risk because?
- A . Training data used during the training phase is compromised.
- B . The solution may contain inherent bias from the developers.
- C . The decision-making process used by the solution is not documented.
- D . Machine-learning solutions introduce more vulnerabilities than other software.
A
Explanation:
Machine-learning solutions present a privacy risk primarily because the training data used during the training phase may contain sensitive information. If this data is compromised, it can lead to privacy breaches. Machine-learning models can also inadvertently memorize and reproduce sensitive data from the training set.
Reference: IAPP CIPT Study Guide, "Privacy Risks in Machine Learning," which discusses the significance of ensuring the security and privacy of training data.
A key principle of an effective privacy policy is that it should be?
- A . Written in enough detail to cover the majority of likely scenarios.
- B . Made general enough to maximize flexibility in its application.
- C . Presented with external parties as the intended audience.
- D . Designed primarily by the organization’s lawyers.
What element is most conducive to fostering a sound privacy by design culture in an organization?
- A . Ensuring all employees acknowledge and understand the privacy policy.
- B . Frequent privacy and security awareness training for employees.
- C . Monthly reviews of organizational privacy principles.
- D . Gaining advocacy from senior management.
D
Explanation:
A strong privacy by design culture within an organization is best fostered when senior management advocates for and supports privacy initiatives. The IAPP documentation underscores that leadership commitment is crucial for establishing and maintaining a robust privacy program. Senior management advocacy ensures that privacy considerations are prioritized across the organization, leading to more effective implementation of privacy by design principles and a stronger overall privacy culture.