Free CIPT Exam Braindumps (page: 25)

Page 24 of 54

Which of the following does NOT illustrate the `respect to user privacy' principle?

  1. Implementing privacy elements within the user interface that facilitate the use of technology by any visually-challenged users.
  2. Enabling Data Subject Access Request (DSARs) that provide rights for correction, deletion, amendment and rectification of personal information.
  3. Developing a consent management self-service portal that enables the data subjects to review the details of consent provided to an organization.
  4. Filing breach notification paperwork with data protection authorities which detail the impact to data subjects.

Answer(s): D



Value Sensitive Design (VSD) focuses on which of the following?

  1. Quality and benefit.
  2. Ethics and morality.
  3. Principles and standards.
  4. Privacy and human rights.

Answer(s): C



SCENARIO

Looking back at your first two years as the Director of Personal Information Protection and Compliance for the St. Anne's Regional Medical Center in Thorn Bay, Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation based training for employees on privacy protection to establishing an interactive medical records system that is accessible by patients as well as by the medical personnel. Now, however, a question you have put off looms large: how do we manage all the data-not only records produced recently, but those still on-hand from years ago? A data flow diagram generated last year shows multiple servers, databases, and work stations, many of which hold files that have not yet been incorporated into the new records system.
While most of this data is encrypted, its persistence may pose security and compliance concerns. The situation is further complicated by several long-term studies being conducted by the medical staff using patient information. Having recently reviewed the major Canadian privacy regulations, you want to make certain that the medical center is observing them.

You recall a recent visit to the Records Storage Section in the basement of the old hospital next to the modern facility, where you noticed paper records sitting in crates labeled by years, medical condition or alphabetically by patient name, while others were in undifferentiated bundles on shelves and on the floor. On the back shelves of the section sat data tapes and old hard drives that were often unlabeled but appeared to be years old. On your way out of the records storage section, you noticed a man leaving whom you did not recognize. He carried a batch of folders under his arm, apparently records he had removed from storage.
You quickly realize that you need a plan of action on the maintenance, secure storage and disposal of data.

Which cryptographic standard would be most appropriate for protecting patient credit card information in the records system at St. Anne's Regional Medical Center?

  1. Symmetric Encryption
  2. Tokenization
  3. Obfuscation
  4. Certificates

Answer(s): B



A privacy engineer has been asked to review an online account login page. He finds there is no limitation on the number of invalid login attempts a user can make when logging into their online account.

What would be the best recommendation to minimize the potential privacy risk from this weakness?

  1. Implement a CAPTCHA system.
  2. Develop server-side input validation checks.
  3. Enforce strong password and account credentials.
  4. Implement strong Transport Layer Security (TLS) to ensure an encrypted link.

Answer(s): B






Post your Comments and Discuss IAPP CIPT exam with other Community members:

CIPT Discussions & Posts