
CIPP Guide

Your Guide to the CIPP

CIPP Prep Materials

DVD Tests

Revision 2.0.36
CIPP Guide's CIPP Prep Materials

Published by Jon-Michael Brook, Clearwater, FL.

Copyright 2007 - 2010 Jon-Michael Brook and the CIPP Guide

No part of this publication may be reproduced, stored in a retrieval system or transmitted in
any form or by any means, electronic, mechanical, photocopying, recording, scanning or
otherwise, except as permitted under Sections 107 or 108 of the 1976 United States
Copyright Act, without either the prior written permission of the Publisher. Requests to the
Publisher for permission should be addressed to the Permissions Department, 2541
Estancia Blvd, Clearwater, FL 33761, (727) 564-9101, fax (440) 445-7338, or by email at
publisher@cippguide.org.
Trademarks: The CIPPGuide Sleuth Logo, Your Guide to the CIPP, cippguide.org,
cippguide.com, and related trade dress are trademarks or registered trademarks of
Jon-Michael C. Brook, the CIPPguide and/or its affiliates in the United States and other
countries, and may not be used without written permission. All other trademarks are the
property of their respective owners. Jon-Michael C. Brook is not associated with any
product or vendor outside of the CIPP Guide mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND
THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH
RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF
THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING
WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR
PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR
PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED
HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS
SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT
ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER
PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED,
THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE
SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE
FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION
OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A
POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT
THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE
ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT
MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET
WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED
BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.

CIPP__DVD_Tests Page 1
Table of Contents

The CIPP Exam
Introduction
CIPP DVD Tests 1
CIPP DVD Tests 2
CIPP DVD Tests 3
CIPP DVD Tests 4

Introduction


This booklet consolidates all of the tests from the CIPPguide website as of its date of
publication. Each chapter corresponds to a roughly 25-question test on the site. The answers
are included at the end of each chapter. Explanations may be found on the website in the
interactive test engine. Best of luck on the exam!

CIPP DVD Tests 1
Questions
1. Which of the following is not a branch of US government?

A. Federal
B. Legislative
C. Executive
D. Judicial

2. The Executive Branch of the US government is responsible for:

A. Approving laws
B. Creating laws
C. Interpreting laws
D. Enforcing laws

3. The House and the Senate make up which of the following branches of US
government?

A. Congressional
B. Legislative
C. Federal
D. Judicial

4. Sources of law in the US include:

A. only the statutes that have been developed by the Legislative Branch of
government.
B. statutes enacted by the Legislative branch and regulations developed by Federal
agencies.
C. statutes, regulations and case law
D. statutes, regulations, case law and common law.

5. In the United States, principles, or rights of individuals that exist despite
the lack of law are referred to as:

A. common law
B. civil law
C. regulations
D. case law

6. Which of the following is a privacy regulating body in the US?

A. FTC (Federal Trade Commission)
B. FCC (Federal Communications Commission)
C. HHS (Department of Health and Human Services)
D. all of the above

7. Which of the following bodies represents an expert resource for other Federal
agencies in terms of privacy issues?

A. Federal Communications Commission
B. Department of Commerce
C. Federal Reserve
D. Federal Trade Commission

8. TRUSTe, BBB and CARU are all examples of:

A. Federal regulations
B. privacy legislation
C. industry self-regulation
D. both a and b

9. The authority of a court to hear a specific case is referred to as:

A. legal ability
B. jurisdiction
C. practical authority
D. administration rights

10. Which of the following is also referred to as a conflicts of law doctrine?

A. preemption
B. displacement
C. jurisdiction
D. legal authority

11. In order to properly analyze a law, privacy experts ask:

A. 3 questions
B. 4 questions
C. 5 questions
D. 6 questions

12. The California SB 1386 covers:

A. health insurance information from California residents.
B. personal information of employees in the state of California.
C. computerized personal information of California residents.
D. SSN information from organizations in the state of California.

13. The California SB 1386 requires that:

A. medical information is not collected or stored by state employees in California.
B. computerized personal information is appropriately protected.
C. inappropriate access of encrypted or unencrypted personal information must be
promptly reported to the affected individuals.
D. inappropriate access of unencrypted personal information must be promptly
reported to the affected individuals.

14. Which of the following was the first national privacy law to be enacted?

A. Fair Credit Reporting Act
B. Fair Information Practice Principles
C. PHIPA (Personal Health Information Protection Act)
D. EU Data Protection Directive

15. Identity theft provisions were added to the Fair Credit Reporting Act (FCRA)
in:

A. 1990
B. 1996
C. 2000
D. 2003

16. The US FCRA (Fair Credit Reporting Act) covers:

A. persons that compile consumer reports
B. persons who use consumer reports
C. consumers who have data collected
D. both a and b only

17. Consumer reports include information that pertains to:

A. public information only.
B. an individual's financial information only.
C. seven specific factors about an individual.
D. financial information and employment history.

18. Which of the following is FALSE, according to the FCRA (Fair Credit Reporting
Act)?

A. Consumer reports can only be used for permissible purposes.
B. It is prohibited to use third party data.
C. Consumers must have access to their reports and correct/dispute any errors.
D. Compilers and users of consumer reports must comply with other requirements on
users and furnishers of consumer information.

19. All of the following bodies enforce the US Fair Credit Reporting Act (FCRA)
EXCEPT:

A. FTC (Federal Trade Commission)
B. state attorneys general
C. FCC (Federal Communications Commission)
D. individuals

20. The US Federal financial privacy law is the:

A. Gramm-Leach-Bliley Act
B. Fair Credit Reporting Act
C. Fair and Accurate Credit Transactions Act
D. California SB 1368

21. The GLBA (Gramm-Leach-Bliley Act) covers:

A. US-based financial institutions
B. financial data processors
C. educational institutions for financial professionals
D. any entity that significantly engages in financial activities

22. Which of the following is regulated by the GLBA (Gramm-Leach-Bliley Act)?

A. information that a consumer provides to a financial institution
B. non-public personal financial information
C. information from a transaction between a financial institution and a consumer
D. information that a financial institution has regarding a consumer

23. The GLBA (Gramm-Leach-Bliley Act) requires all of the following, EXCEPT:

A. financial institutions are prohibited from sharing information with other
companies or service providers.
B. financial institutions must give consumers an opportunity to opt-out of sharing
data.
C. financial institutions must provide consumer customers with notices about
privacy and security.
D. financial institutions may share data with other financial institutions.

24. According to the GLBA (Gramm-Leach-Bliley Act), financial institutions may
share consumer information with all of the following entities, without an opt-out
process, EXCEPT:

A. affiliated companies
B. non-affiliated companies
C. other financial institutions
D. joint marketing partners

25. Together, the FTC (Federal Trade Commission) and federal financial regulators
published which of the following to support the GLBA (Gramm-Leach-Bliley Act)?

A. Privacy Rule
B. Safeguards Rule
C. Security Rule
D. both a and b

Answers
1. A
2. D
3. B
4. D
5. A
6. D
7. D
8. C
9. B
10. A
11. D
12. C
13. D
14. A
15. D
16. D
17. C
18. B
19. C
20. A
21. D
22. B
23. A
24. B
25. D

CIPP DVD Tests 2
Questions
1. According to the GLBA (Gramm-Leach-Bliley Act) Safeguards Rule, all of the
following types of security are required except:

A. technical security
B. physical security
C. access security
D. administrative security

2. According to the GLBA (Gramm-Leach-Bliley Act) Safeguards Rule, which of the
following is NOT included under technical security requirements?

A. computer system security
B. encryption
C. risk assessments
D. access control

3. All of the following parties are able to enforce the GLBA (Gramm-Leach-Bliley
Act) EXCEPT:

A. state attorneys general
B. individuals
C. FTC
D. financial institution regulators

4. Which of the following laws cover essentially the same thing as the GLBA (Gramm-
Leach-Bliley Act)?

A. California SB 1
B. HIPAA
C. COPPA
D. TSR

5. The California SB 1 requires all of the following EXCEPT:

A. FIs (financial institutions) are prohibited from sharing personal information
with non-affiliates.
B. FIs must offer an opt-out if they share personal information with affiliates.
C. FIs can only share personal information with non-affiliates with opt-in consent.
D. FIs must offer an opt-out if they share personal information with joint
marketing partners.

6. All of the following parties are able to enforce the California SB 1, EXCEPT:

A. individuals
B. California state banking regulators
C. FTC
D. California attorney general

7. Typically, US state security laws apply to all of the following EXCEPT:

A. financial account number
B. name and SSN
C. driver's license number
D. anonymized information

8. According to state security laws, which of the following states specifically
requires that sensitive personal information is encrypted?

A. New York
B. California
C. Nevada
D. Maine

9. According to state security laws, which of the following states requires that
access to sensitive personal information be limited to paper records?

A. New York
B. California
C. Nevada
D. Maine

10. Many state security laws have special rules for social security numbers, which
include all of the following EXCEPT:

A. SSNs cannot be printed on ID cards
B. SSNs can be printed on paychecks, but only if necessary
C. SSNs cannot be publicly displayed
D. Individuals cannot be required to provide SSNs

11. In which state must organizations notify affected individuals in the case of a
privacy breach, despite the fact that there is no risk of harm?

A. Arizona
B. Texas
C. California
D. New Jersey

12. Unlike other state security laws, the state of Oregon requires that which of
the following pieces of information is included in a breach notification letter?

A. the date of the breach
B. contact information for state regulators
C. contact information for consumer reporting agencies
D. a description of the incident

13. The HIPAA (Health Insurance Portability and Accountability Act) directly covers
all of the following entities EXCEPT:

A. health plans
B. users of personal health information
C. health care providers
D. health care clearinghouses

14. Which of the following is a required use/disclosure under the HIPAA (Health
Insurance Portability and Accountability Act)?

A. Disclosure with informal consent
B. Disclosure for public health purposes, such as research
C. Disclosure to Health and Human Services
D. Disclosure when it is in the best interests of the individual

15. All of the following are HIPAA (Health Insurance Portability and Accountability
Act) Privacy Rule fundamentals, EXCEPT:

A. Appropriate security must be ensured.
B. An individual must be appointed as a privacy official.
C. Records of disclosures must be maintained.
D. An individual must be appointed for handling complaints.

16. The HIPAA (Health Insurance Portability and Accountability Act) Security Rule
applies to:

A. protected health information (PHI)
B. any health information
C. PHI that has been encrypted
D. PHI in electronic format

17. There are two rules under the HIPAA (Health Insurance Portability and
Accountability Act), the:

A. Privacy Rule and Safeguards Rule
B. Security Rule and Privacy Rule
C. Security Rule and Safeguards Rule
D. Breach Rule and Safeguards Rule

18. All of the following entities enforce the HIPAA (Health Insurance Portability
and Accountability Act), EXCEPT:

A. US Department of Health and Human Services
B. State governors
C. Office of Civil Rights
D. Centers for Medicare and Medicaid Services

19. If an entity does not comply with the HIPAA (Health Insurance Portability and
Accountability Act) it could face fines of up to:

A. $1000
B. $20000
C. $250000
D. $1 million

20. The HIPAA (Health Insurance Portability and Accountability Act) Security Rule
is enforced by:

A. state attorneys general
B. Office of Civil Rights
C. US Department of Health and Human Services
D. Centers for Medicare and Medicaid Services

21. The HIPAA (Health Insurance Portability and Accountability Act) Privacy Rule is
enforced by:

A. state attorneys general
B. Office of Civil Rights
C. US Department of Health and Human Services
D. Centers for Medicare and Medicaid Services

22. The HIPAA (Health Insurance Portability and Accountability Act) exists for all
of the following reasons EXCEPT:

A. to move towards electronic health care transactions
B. to preempt state laws
C. to improve efficiency of the health care system
D. to establish electronic data standards

23. Who is regulated under the COPPA (Children's Online Privacy Act)?

A. children under the age of 12
B. commercial web site operators
C. children's media organizations
D. all of the above

24. The COPPA (Children's Online Privacy Act) covers collection and use of
information from children under the age of:

A. 10
B. 12
C. 13
D. 16

25. According to the COPPA (Children's Online Privacy Act), if website operators are
to collect personal information from children, they must first secure:

A. opt-in consent from the child
B. strong consent from the child
C. parental consent in writing
D. verifiable parental consent

Answers

1. C
2. C
3. B
4. A
5. A
6. C
7. D
8. C
9. A
10. B
11. C
12. A
13. B
14. C
15. D
16. D
17. B
18. B
19. C
20. D
21. B
22. B
23. B
24. C
25. D

CIPP DVD Tests 3

Questions
1. CARU (Children's Advertising Review Unit) is an organization responsible for
understanding how children are marketed to. It is part of the:

A. Federal Communications Commission
B. Better Business Bureau
C. Federal Trade Commission
D. Office of Consumer Protection

2. In general, US laws regulating marketing communications require:

A. opt-in choice
B. opt-out choice
C. both opt-in and opt-out options
D. none of the above

3. According to US marketing laws, opt-in is required in all the following
circumstances EXCEPT:

A. email or SMS to wireless devices
B. faxing outside an existing relationship
C. telemarketing with a live operator
D. pre-recorded telemarketing messages

4. Telemarketing registries must be scrubbed against the US federal Do-Not-Call
Registry:

A. every week
B. every month
C. every year
D. every two years

5. Which of the following entities has the ability to enforce the US federal Do-
Not-Call Registry?

A. Better Business Bureau
B. state attorneys general
C. Federal Trade Commission
D. individuals

6. All of the following are included under the Federal Trade Commission's
Telemarketing Sales Rules (TSR), EXCEPT:

A. caller ID information must be displayed
B. the caller must identify him/herself and the product being sold
C. records must be retained for 12 months
D. calls can only be made between 8AM and 9PM

7. All of the following entities are regulated by the Federal Trade Commission's
Telemarketing Sales Rules, EXCEPT:

A. campaigns for charitable contributions
B. calls regarding the purchase of a product
C. calls regarding subscriptions to services
D. non-profit organizations calling on their own behalf

8. According to the national Do-Not-Call registry, "existing business
relationships" are defined as calls:

A. to existing customers and prospects within 18 months
B. to existing customers within 18 months
C. to prospective customers within 90 days
D. both b and c are true

9. Which of the following statements is TRUE regarding US state telemarketing
rules?

A. Less than 12 states have telemarketing rules.
B. The Federal Trade Commission's (FTC) Telemarketing Sales Rules (TSR) do not
preempt state laws.
C. Most telemarketing companies do not need to respect state do-not-call
registries.
D. State telemarketing rules are identical to the FTC's TSR.

10. According to FCC (Federal Communication Commission) regulations:

A. unsolicited commercial faxes are not currently prohibited, but discouraged.
B. unsolicited faxes are allowed, but for commercial purposes only.
C. unsolicited commercial faxes have been prohibited since 2000.
D. unsolicited commercial faxes have been prohibited since 1991.

11. The JFPA (Junk Fax Prevention Act) permits commercial faxes:

A. as long as opt-in choice was presented.
B. as long as opt-out was provided.
C. as long as there is a pre-existing customer relationship.
D. none of the above; commercial faxes are never permitted.

12. All of the following statements regarding the JFPA (Junk Fax Prevention Act)
are true, EXCEPT:

A. The organization must have either an existing business relationship or the
customer's fax number before sending unsolicited commercial faxes.
B. Existing business relationships are based on a previous inquiry, application,
purchase or transaction between the company and the customer.
C. Opt-out choice must be clear and free of charge.
D. Any fax numbers obtained from third parties must be verified before use.

13. The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and
Marketing Act, 2003) covers the transmission of:

A. commercial faxes
B. commercial phone calls
C. commercial e-mail messages
D. all of the above

14. According to the CAN-SPAM Act (Controlling the Assault of Non-Solicited
Pornography and Marketing Act, 2003) all of the following statements are true,
EXCEPT:

A. opt-outs must be processed within ten days.
B. e-mail messages must include the company's physical address.
C. e-mail messages can only be sent to individuals with an existing business
relationship.
D. e-mails cannot include false or deceptive messages or headers.

15. Which of the following statements is TRUE regarding sending commercial messages
to wireless devices?

A. The sender is prohibited from charging fees for the consent or revocation
process.
B. Opt-out choice must be provided.
C. This is regulated by the FCC.
D. The individual must be presented with a consent form with specific criteria.

16. When comparing EU with US workplace privacy approaches, which of the following
is NOT true?

A. US regulations emphasize employer duties.
B. EU regulations provide for limited background checks.
C. US regulations provide for continuous, multi-dimensional employee monitoring.
D. EU regulations emphasize employer rights.

17. Which of the following is NOT a goal of HR (Human Resources)?

A. attract and retain excellent employees
B. manage costs associated with HR functions
C. creating short-term strategies for the organization
D. support corporate planning functions with tools and data

18. All of the following are characteristics of US workplace privacy approaches,
EXCEPT:

A. Limited employee expectations of privacy.
B. Privacy concerns predominate.
C. Background checks are required and aggressive.
D. Employee monitoring is continuous and multi-dimensional.

19. All of the following are characteristic of EU workers' rights, EXCEPT:

A. Employees must be provided with detailed notices.
B. Employee data is solely regulated by the EU Directive.
C. Data processing activities require notification to the appropriate data
protection authorities and works councils.
D. Local processing and cross-border transfers are restricted.

20. All of the following are characteristics of workplace privacy regulations in
the US, EXCEPT:

A. Federal laws often preempt state laws.
B. Both federal and state laws regulate employment and HR data management.
C. The majority of US labor laws include data collection and/or data management
practices.
D. US workplace privacy laws require and prohibit specific data handling practices
at all stages of the employment relationship (before, during and after employment).

21. All of the following entities regulate workplace privacy in the US except:

A. Equal Employment Opportunity Commission
B. Department of Health and Human Services
C. Better Business Bureau
D. Department of Labor

22. All of the following are US Federal laws that restrict the information that an
employer can collect from employees, EXCEPT:

A. Civil Rights Act of 1964
B. Equal Pay Act of 1963
C. Americans with Disabilities Act of 1990
D. Electronic Communications Privacy Act of 1986

23. All of the following are US Federal laws that regulate employee benefits
management, EXCEPT:

A. Consolidated Omnibus Budget Reconciliation Act
B. Family and Medical Leave Act
C. Equal Pay Act
D. Employee Retirement Income Security Act

24. Which of the following laws regulates the use of consumer reports in employee
background checks?

A. Fair Labor Standards Act
B. Fair Credit Reporting Act
C. Immigration Reform and Control Act
D. Occupational Safety and Health Act

25. During a job application process, an employer is prohibited from asking
questions regarding applicants':

A. race
B. gender
C. national origin
D. all of the above

Answers

1. B
2. B
3. C
4. B
5. C
6. C
7. D
8. D
9. B
10. D
11. B
12. A
13. C
14. C
15. B
16. D
17. C
18. B
19. B
20. A
21. C
22. D
23. C
24. B
25. D

CIPP DVD Tests 4

Questions
1. About which of the following would an employer be legally able to ask a job
applicant?

A. height and weight
B. religion
C. pregnancy status
D. the nature and severity of a disability or illness

2. It is acceptable for an employer to ask a job applicant about all of the
following, except:

A. If an applicant is prevented from being lawfully employed, due to visa or
immigration status.
B. If an applicant can read, write and speak foreign languages, if it relates to
job requirements.
C. If an applicant is a US citizen.
D. If an applicant will provide proof of a legal right to work in the country,
after he/she is hired.

3. It is acceptable for an employer to ask a job applicant about:

A. convictions made within the last year.
B. arrests or convictions made within the last five years.
C. convictions made within the last ten years.
D. arrests within the last ten years.

4. Which of the following statements is NOT true of workplace photograph practices?

A. Employers in the EU require employee consent for use of photographs.
B. Employers in the US may not request photographs from their employees, even if
the submission is voluntary.
C. Posting photos on websites should be done with employee consent.
D. Employers are not permitted to request that applicants submit a photograph
before they are hired.

5. Which of the following statements is TRUE regarding the collection of SSN
(social security numbers)?

A. There are very few state laws regarding the collection of SSNs.
B. The best practice is collection of SSNs from employees as soon as possible.
C. If SSN information is leaked, a security breach notification need not be
released.
D. There are no laws that prohibit the collection of SSN prior to job offer.

6. Personality, psychological and performance tests may be problematic, according
to which of the following laws?

A. Americans with Disabilities Act
B. Civil Rights Act of 1964
C. Equal Opportunity Employment Act
D. Genetic Information Nondiscrimination Act

7. The Employee Polygraph Protection Act of 1998 (EPP) prohibits employers from
doing all of the following EXCEPT:

A. Requesting that an applicant take a lie detector test.
B. Requiring a current employee to take a lie detector test.
C. Referring to or inquiring about test results.
D. Using licensed and bonded testing professionals to conduct polygraph tests in
certain cases.

8. Which of the following statements is NOT true about workplace drug and alcohol
tests in the US?

A. Routine drug testing is permitted if employees are notified of this practice
when they are hired.
B. Pre-employment screening to identify present addiction to illegal drugs is
permitted.
C. Employers can use drug/alcohol tests as a condition for continued employment, if
there is a reasonable suspicion.
D. In certain jurisdictions, random drug testing is prohibited.

9. Types of genetic testing include:

A. screening and monitoring
B. screening, monitoring and marking
C. monitoring and marking
D. screening only

10. Periodic testing of genetic material to identify modifications due to workplace
conditions is referred to as:

A. examining
B. screening
C. monitoring
D. regulating

11. Which of the following should not be included in an employee background check?

A. credit records
B. professional credentials
C. arrests
D. civil litigation history

12. Which of the following statements regarding the FCRA (Fair Credit Reporting
Act) is NOT true?

A. The FCRA applies whenever criminal records are accessed to make a decision about
employment.
B. Usage of third-party data for employment screening is prohibited under the FCRA.
C. Use of search engines to screen prospective employees is prohibited.
D. Employers require the employee's written consent to use consumer reports for
decision making purposes (e.g. qualification for a promotion).

13. The Family Educational Privacy Rights Act (FERPA) protects:

A. consumer records
B. driving records
C. academic records
D. racial or ethnic information

14. Employee monitoring is done for which of the following reasons?

A. to prevent loss of intellectual property
B. to protect public health and safety
C. to ensure quality control
D. all of the above

15. Which of the following is true of the US Wiretap Act?

A. Monitoring of business phone calls is permitted, as long as one party consents.
B. Monitoring of business phone calls requires the consent from both parties.
C. Phone calls - business or personal - may not be monitored under any
circumstances.
D. Any consent to phone call monitoring must be done in writing only.

16. Which of the following is NOT true regarding video monitoring in the US?

A. It is limited to non-private areas in the workplace.
B. Video monitoring is regulated by federal statutes.
C. If the video surveillance captures audio, it is also subject to the US Wiretap
Act.
D. There are a number of state privacy laws that regulate video monitoring.

17. Monitoring of e-mail is permissible if:

A. the company has user consent.
B. the company has user consent or owns the equipment on which the email is stored.
C. the company monitors the email through an automated system.
D. none of the above; e-mail monitoring is not permissible under Federal laws.

18. Which of the following states have specific statutes requiring notice prior to
electronic monitoring in the workplace?

A. Delaware
B. Florida
C. California
D. Illinois

19. Which of the following statements is NOT true of employee monitoring outside
the US?

A. Monitoring must be proportionate to the practices it is to detect or prevent.
B. The results of workplace monitoring must be treated as highly sensitive data.
C. Monitoring practices may require the consent of authorities and works councils.
D. In many EU countries, employee monitoring is less regulated than in the US.

20. FACTA (Fair and Accurate Credit Transactions Act) permits third-party workplace
investigations, for all of the following situations, EXCEPT:

A. If the report is only given to the employer, government regulators and self-
regulatory organizations.
B. If the report is a result of an investigation conducted for specific purposes
(i.e. due to suspected misconduct).
C. If the report is released to future employers, it is treated as highly sensitive
data.
D. If the report does not include an investigation of credit worthiness.

21. When the executive branch sues a person because of violation of a criminal law,
this is referred to as:

A. executive litigation
B. criminal litigation
C. civil litigation
D. federal litigation

22. A company breaches a legal duty to safeguard sensitive information and as a
result, individuals are harmed by this breach. The company would be liable on the
basis of:

A. negligence
B. deceptive trade practices
C. unfair practices
D. all of the above

23. Commercial conduct that results in substantial injury is referred to as:

A. harmful trade practices
B. negligent trade practices
C. unfair trade practices
D. problematic trade practices

24. Which of the following is true of international transfers of sensitive
information?

A. International branches or contractors are responsible for inappropriate uses of
sensitive information.
B. Multi-national corporations must also consider other countries' regulations of
personal information.
C. Personal information that is brought to the US remains subject to requirements
of its country of origin.
D. US laws do not restrict geographic transfers of personal information.

25. Which of the following is NOT considered a risk of an information management
program?

A. return on investment
B. reticence and over-compliance costs
C. change management practices
D. legal compliance obligations

Answers

1. A
2. C
3. C
4. B
5. D
6. A
7. D
8. B
9. A
10. C
11. C
12. B
13. C
14. D
15. A
16. B
17. B
18. A
19. D
20. C
21. B
22. A
23. C
24. A
25. C
