Free CIPM Exam Braindumps (page: 27)

Page 27 of 54

SCENARIO:
Please use the following to answer the next question:

Your organization, the Chicago (U.S.)-based Society for Urban Greenspace, has used the same vendor to operate all aspects of an online store for several years. As a small nonprofit, the Society cannot afford the higher-priced options, but you have been relatively satisfied with this budget vendor, Shopping Cart Saver (SCS). Yes, there have been some issues. Twice, people who purchased items from the store have had their credit card information used fraudulently subsequent to transactions on your site, but in neither case did the investigation reveal with certainty that the Society’s store had been hacked. The thefts could have been employee-related.

Just as disconcerting was an incident where the organization discovered that SCS had sold information it had collected from customers to third parties. However, as Jason Roland, your SCS account representative, points out, it took only a phone call from you to clarify expectations and the “misunderstanding” has not occurred again.

As an information-technology program manager with the Society, the role of the privacy professional is only one of many you play. In all matters, however, you must consider the financial bottom line. While these problems with privacy protection have been significant, the additional revenues of sales of items such as shirts and coffee cups from the store have been significant. The Society’s operating budget is slim, and all sources of revenue are essential.

Now a new challenge has arisen. Jason called to say that starting in two weeks, the customer data from the store would now be stored on a data cloud. “The good news,” he says, “is that we have found a low-cost provider in Finland, where the data would also be held. So, while there may be a small charge to pass through to you, it won’t be exorbitant, especially considering the advantages of a cloud.”

Lately, you have been hearing about cloud computing and you know it’s fast becoming the new paradigm for various applications. However, you have heard mixed reviews about the potential impacts on privacy protection. You begin to research and discover that a number of the leading cloud service providers have signed a letter of intent to work together on shared conventions and technologies for privacy protection. You make a note to find out if Jason’s Finnish provider is signing on.

What is the best way for your vendor to be clear about the Society’s breach notification expectations?

  1. Include notification provisions in the vendor contract
  2. Arrange regular telephone check-ins reviewing expectations
  3. Send a memorandum of understanding on breach notification
  4. Email the regulations that require breach notifications

Answer(s): A



What is the function of the privacy operational life cycle?

  1. It establishes initial plans for privacy protection and implementation
  2. It allows the organization to respond to ever-changing privacy demands
  3. It ensures that outdated privacy policies are retired on a set schedule
  4. It allows privacy policies to mature to a fixed form

Answer(s): A


Reference:

https://www.bdo.com/blogs/nonprofit-standard/august-2018/guide-to-implementing-a-holistic-privacy-program



Which is the best way to view an organization’s privacy framework?

  1. As an industry benchmark that can apply to many organizations
  2. As a fixed structure that directs changes in the organization
  3. As an aspirational goal that improves the organization
  4. As a living structure that aligns to changes in the organization

Answer(s): B



An organization is establishing a mission statement for its privacy program. Which of the following statements would be the best to use?

  1. This privacy program encourages cross-organizational collaboration which will stop all data breaches
  2. Our organization was founded in 2054 to reduce the chance of a future disaster like the one that occurred ten years ago. All individuals from our area of the country should be concerned about a future disaster. However, with our privacy program, they should not be concerned about the misuse of their information.
  3. The goal of the privacy program is to protect the privacy of all individuals who support our organization. To meet this goal, we must work to comply with all applicable privacy laws.
  4. In the next 20 years, our privacy program should be able to eliminate 80% of our current breaches. To do this, everyone in our organization must complete our annual privacy training course and all personally identifiable information must be inventoried.

Answer(s): C






Post your Comments and Discuss IAPP CIPM exam with other Community members:

Thato Mohutsi commented on August 20, 2024
Great Questions