QUESTION 21
How could you ensure you are effectively communicating the privacy mission throughout your organization?
A. Resource marketing activity adequately.
B. Assess the content in your privacy awareness program regularity.
C. Consult stakeholders on the implementation of the privacy program.
D. Review the quantity of Data Protection Impact Assessments (DPIAs) to ensure completeness for every project.
Correct Answer: C
QUESTION 22
What is the best way to understand the location, use and importance of personal data within an organization?
A. By analyzing the data inventory.
B. By testing the security of data systems.
C. By evaluating methods for collecting data.
D. By interviewing employees tasked with data entry.
Correct Answer: A
QUESTION 23
What is the role of a privacy champion at the executive level?
A. Act as an advocate and sponsor to further foster privacy as a core organization concept.
B. Act as the privacy advocate and develop a privacy program for the organization.
C. Ensure that privacy laws are adhered to and that the data flow is documented.
D. Act as the Data protection officer and ensure that user data well protected.
Correct Answer: A
QUESTION 24
What should a privacy professional keep in mind when selecting which metrics to collect?
A. Metrics should be reported to the public.
B. The number of metrics should be limited at first.
C. Metrics should reveal strategies for increasing company earnings.
D. A variety of metrics should be collected before determining their specific functions.
Correct Answer: B
QUESTION 25
in Formosa International operates in 20 different countries including the United States and France. What organizational approach would make complying with a number of different regulations easier?
A. Data mapping.
B. Fair Information Practices.
C. Rationalizing requirements.
D. Establish a privacy champion network.
Correct Answer: C
QUESTION 26
Which of the following best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?
A. All employees are subject to the rules in their entirety, regardless of where the work is taking place.
B. Employees must sign an ad hoc contractual agreement each time personal data is exported.
C. All employees must follow the privacy regulations of the jurisdictions where the current scope of their work is established.
D. Employees who control personal data must complete a rigorous certification procedure, is they are exempt from legal enforcement.
Correct Answer: A
QUESTION 27
In addition to regulatory requirements and business practices, what important factors must a global privacy strategy consider?
A. Geographic features.
B. Monetary exchange.
C. Political history.
D. Cultural norms.
Correct Answer: D
QUESTION 28
When devising effective employee policies to address a particular issue, which of the following should be included in the first draft?
A. Rationale for the policy.
B. Points of contact for the employee.
C. Roles and responsibilities of the different groups of individuals.
D. Explanation of how the policy is applied within the organization.
Correct Answer: A
QUESTION 29
What is the best route to take when deciding on data retention policies for a world-wide organization?
A. Decide on specific policies on a case-by-case bases depending on the type and contents of the data.
B. Standardize the policies across the organization based upon the most strict applicable laws.
C. Discuss with the data processors what would be the most convenient for their efforts.
D. Continue using the policies the company has had in place for the past few years.
Correct Answer: B
QUESTION 30
Which of the documents below assists the Privacy Manager in identifying and responding to a request from an individual about what personal information the organization holds about them and with whom the information is shared?
A. Risk register.
B. Privacy policy.
C. Records retention schedule.
D. Personal information inventory.
Correct Answer: D
QUESTION 31
A Data Protection Officer (DPO) who posts privacy message reminders on posters and on company video screens throughout the office to reinforce the
organization’s privacy message is furthering which organizational program?
A. Public Service.
B. Awareness.
C. Training.
D. Ethics.
Correct Answer: B
QUESTION 32
Which of the following is NOT typically a function of a Privacy Officer?
A. Managing an organization’s information security infrastructure.
B. Serving as an interdepartmental liaison for privacy concerns.
C. Responding to information access requests from the public.
D. Monitoring an organization’s compliance with privacy laws.
Correct Answer: A
QUESTION 33
SCENARIO
Please use the following to answer the next question:
Today is your first day at a fast growing international real estate firm headquartered in New York, with offices in Canada and Germany. You are the firm’s first ever privacy officer.
While touring the office to meet your new colleagues and learn the layout of the office, you notice piles of printing jobs left on the printer in the copy room. You also note a recycle bin and garbage can near the printers. With a quick glance, you see a completed loan application form print out with applicant name, social security number and home address lying in the recycle bin. You make a note to follow up immediately.
You are then introduced to the head of IT who gives you a warm welcome and explains his star project this year – enterprise CRM (Customer Relationship Management) mobility. He is very proud that he is leading
this innovation that allows firm-wide employees to access the existing CRM database remotely from anywhere on the Internet. The business value of this mobility initiative is significant. Since he doesn’t have internal web development expertise, he outsourced the development work to a small IT firm in New York that has just successfully delivered another IT initiative for the company.
After the tour you start working on a plan based on your observations. One immediate action is to schedule a meeting with the head of IT to discuss the CRM mobility project.
Which of the following actions should you take to measure the firm’s privacy compliance status?
A. Prepare a data inventory.
B. Perform a vulnerability assessment.
C. Assess the current privacy program.
D. Conduct a Privacy Impact Assessment (PIA).
Correct Answer: D
QUESTION 34
SCENARIO
Please use the following to answer the next question:
Today is your first day at a fast growing international real estate firm headquartered in New York, with offices in Canada and Germany. You are the firm’s first ever privacy officer.
While touring the office to meet your new colleagues and learn the layout of the office, you notice piles of printing jobs left on the printer in the copy room. You also note a recycle bin and garbage can near the printers. With a quick glance, you see a completed loan application form print out with applicant name, social security number and home address lying in the recycle bin. You make a note to follow up immediately.
You are then introduced to the head of IT who gives you a warm welcome and explains his star project this year – enterprise CRM (Customer Relationship Management) mobility. He is very proud that he is leading
this innovation that allows firm-wide employees to access the existing CRM database remotely from anywhere on the Internet. The business value of this mobility initiative is significant. Since he doesn’t have internal web development expertise, he outsourced the development work to a small IT firm in New York that has just successfully delivered another IT initiative for the company.
After the tour you start working on a plan based on your observations. One immediate action is to schedule a meeting with the head of IT to discuss the CRM mobility project.
Considering the business value of the CRM mobility project, your meeting with the head of IT regarding key aspects of the Vendor shall focus on all of the following EXCEPT?
A. The project data flows.
B. Vendor security controls.
C. Information asset inventory.
D. Standard contractual clauses.
Correct Answer: D
QUESTION 35
SCENARIO
Please use the following to answer the next question:
Today is your first day at a fast growing international real estate firm headquartered in New York, with offices in Canada and Germany. You are the firm’s first ever privacy officer.
While touring the office to meet your new colleagues and learn the layout of the office, you notice piles of printing jobs left on the printer in the copy room. You also note a recycle bin and garbage can near the printers. With a quick glance, you see a completed loan application form print out with applicant name, social security number and home address lying in the recycle bin. You make a note to follow up immediately.
You are then introduced to the head of IT who gives you a warm welcome and explains his star project this year – enterprise CRM (Customer Relationship Management) mobility. He is very proud that he is leading
this innovation that allows firm-wide employees to access the existing CRM database remotely from anywhere on the Internet. The business value of this mobility initiative is significant. Since he doesn’t have internal web development expertise, he outsourced the development work to a small IT firm in New York that has just successfully delivered another IT initiative for the company.
After the tour you start working on a plan based on your observations. One immediate action is to schedule a meeting with the head of IT to discuss the CRM mobility project.
While reviewing the contract with the firm the CRM mobility project was outsourced to, all of the following should be mandatory EXCEPT?
A. Information security controls.
B. Liability for data breach.
C. Right to audit.
D. Cyber insurance.
Correct Answer: D
QUESTION 36
SCENARIO
Please use the following to answer the next question:
Today is your first day at a fast growing international real estate firm headquartered in New York, with offices in Canada and Germany. You are the firm’s first ever privacy officer.
While touring the office to meet your new colleagues and learn the layout of the office, you notice piles of printing jobs left on the printer in the copy room. You also note a recycle bin and garbage can near the printers. With a quick glance, you see a completed loan application form print out with applicant name, social security number and home address lying in the recycle bin. You make a note to follow up immediately.
You are then introduced to the head of IT who gives you a warm welcome and explains his star project this year – enterprise CRM (Customer Relationship Management) mobility. He is very proud that he is leading
this innovation that allows firm-wide employees to access the existing CRM database remotely from anywhere on the Internet. The business value of this mobility initiative is significant. Since he doesn’t have internal web development expertise, he outsourced the development work to a small IT firm in New York that has just successfully delivered another IT initiative for the company.
After the tour you start working on a plan based on your observations. One immediate action is to schedule a meeting with the head of IT to discuss the CRM mobility project.
All of the following would address your concern of the copy room EXCEPT?
A. Placing a paper shredder in the copy room.
B. Initiating a Privacy Impact Assessment (PIA).
C. Hanging a poster reminding users to shred paper.
D. Implementing a new paper record destruction policy.
Correct Answer: B
QUESTION 37
In a sample metric template, what does “target” mean?
A. The threshold for a satisfactory rating.
B. The percentage of completion.
C. The suggested volume of data to collect.
D. The frequency at which the data is sampled.
Correct Answer: A
QUESTION 38
What does it mean to “rationalize” data protection requirements?
A. Evaluate the costs and risks of applicable laws and regulations and address those that have the greatest penalties.
B. Determine where laws and regulations are redundant in order to eliminate some from requiring compliance.
C. Address the less stringent laws and regulations, and inform stakeholders why they are applicable.
D. Look for overlaps in laws and regulations from which a common solution can be developed.
Correct Answer: D
QUESTION 39
What is the role of a privacy manager in establishing sustainable program governance?
A. To enforce data protection laws.
B. To conduct regular security audits.
C. To ensure employees receive annual privacy training.
D. To establish and maintain a privacy program framework.
Correct Answer: D
QUESTION 40
What is the function of the privacy operational life cycle?
A. It allows the organization to respond to ever-changing privacy demands.
B. It ensures that outdated privacy policies are retired on a set schedule.
C. It establishes initial plans for privacy protection and implementation.
D. It allows privacy policies to mature to a fixed form.
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.