What is the most important requirement to fulfill when transferring data out of an organization? A. Ensuring the organization sending the data controls how the data is tagged by the receiver. B. Ensuring the organization receiving the data performs a privacy impact assessment. C. Ensuring the commitments made to the data owner are followed. D. […]

What is the distinguishing feature of asymmetric encryption? A. It has a stronger key for encryption than for decryption. B. It employs layered encryption using dissimilar methods. C. It uses distinct keys for encryption and decryption. D. Itis designed to cross operating systems. Reference: https://www.cryptomathic.com/news-events/blog/classification-of-cryptographic-keys-functions-and-properties

Which is NOT a suitable action to apply to data when the retention period ends? A. Aggregation. B. De-identification. C. Deletion. D. Retagging.

What is the main function of a breach response center? A. Detecting internal security attacks. B. Addressing privacy incidents. C. Providing training to internal constituencies. D. Interfacing with privacy regulators and governmental bodies.

Which of the following became a foundation for privacy principles and practices of countries and organizations across the globe? A. The Personal Data Ordinance. B. The EU Data Protection Directive. C. The Code of Fair Information Practices. D. The Organization for Economic Co-operation and Development (OECD) Privacy Principles. Reference: https://privacyrights.org/resources/review-fair-information-principles-foundation-privacy-public-policy

What was the first privacy framework to be developed? A. OECD Privacy Principles. B. Generally Accepted Privacy Principles. C. Code of Fair Information Practice Principles (FIPPs). D. The Asia-Pacific Economic Cooperation (APEC) Privacy Framework. Reference: http://oecdprivacy.org

A key principle of an effective privacy policy is that it should be? A. Written in enough detail to cover the majority of likely scenarios. B. Made general enough to maximize flexibility in its application. C. Presented with external parties as the intended audience. D. Designed primarily by the organization’s lawyers.

SCENARIO Carol was a U.S.-based glassmaker who sold her work at art festivals. She kept things simple by only accepting cash and personal checks. As business grew, Carol couldn’t keep up with demand, and traveling to festivals became burdensome. Carol opened a small boutique and hired Sam to run it while she worked in the […]

Which of the following is considered a client-side IT risk? A. Security policies focus solely on internal corporate obligations. B. An organization increases the number of applications on its server. C. An employee stores his personal information on his company laptop. D. IDs used to avoid the use of personal data map to personal data […]

What would be an example of an organization transferring the risks associated with a data breach? A. Using a third-party service to process credit card transactions. B. Encrypting sensitive personal data during collection and storage C. Purchasing insurance to cover the organization in case of a breach. D. Applying industry standard data handling practices to […]