Free IAPP CIPM Exam Questions

Question 1

SCENARIO

Please use the following to answer the next question:

Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia

to help run his aging grandfather's law practice. The elder McAdams desired a limited, lighter role in the

practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring

Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who

handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and

assesses the office's strategies for growth.

Immediately upon arrival, Richard was amazed at the amount of work that needed to done in order to

modernize the office, mostly in regard to the handling of clients' personal data. His first goal is to digitize all the

records kept in file cabinets, as many of the documents contain personally identifiable financial and medical

data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the

day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues

unless a formal policy is firmly in place Richard is also concerned with the overuse of the communal copier/

printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the

same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that

personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing

policy by the year's end.

Richard expressed his concerns to his grandfather, who agreed, that updating data storage, data security, and

an overall approach to increasing the protection of personal data in all facets is necessary Mr. McAdams

granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but

also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following

day, to get insight into how the office computer system is currently set-up and managed.

Richard believes that a transition from the use of fax machine to Internet faxing provides all of the following

security benefits EXCEPT?

A : eater accessibility to the faxes at an off-site location.

B : ability to encrypt the transmitted faxes through a secure server.

C : duction of the risk of data being seen or copied by unauthorized personnel.

D : ability to store faxes electronically, either on the user's PC or a password-protected network server.

Answer: A

Question 2

SCENARIO -

Please use the following to answer the next question:

Edufox has hosted an annual convention of users of its famous e-learning software platform, and over time, it has become a grand event. It fills one of the large downtown conference hotels and overflows into the others, with several thousand attendees enjoying three days of presentations, panel discussions and networking. The convention is the centerpiece of the company's product rollout schedule and a great training opportunity for current users. The sales force also encourages prospective clients to attend to get a better sense of the ways in which the system can be customized to meet diverse needs and understand that when they buy into this system, they are joining a community that feels like family.

This year's conference is only three weeks away, and you have just heard news of a new initiative supporting it: a smartphone app for attendees. The app will support late registration, highlight the featured presentations and provide a mobile version of the conference program. It also links to a restaurant reservation system with the best cuisine in the areas featured. "It's going to be great," the developer, Deidre Hoffman, tells you, "if, that is, we actually get it working!" She laughs nervously but explains that because of the tight time frame she'd been given to build the app, she outsourced the job to a local firm. "It's just three young people," she says, "but they do great work." She describes some of the other apps they have built. When asked how they were selected for this job, Deidre shrugs. "They do good work, so I chose them."

Deidre is a terrific employee with a strong track record. That's why she's been charged to deliver this rushed project. You're sure she has the best interests of the company at heart, and you don't doubt that she's under pressure to meet a deadline that cannot be pushed back. However, you have concerns about the app's handling of personal data and its security safeguards. Over lunch in the break room, you start to talk to her about it, but she quickly tries to reassure you, "I'm sure with your help we can fix any security issues if we have to, but I doubt there'll be any. These people build apps for a living, and they know what they're doing. You worry too much, but that's why you're so good at your job!"

What safeguard can most efficiently ensure that privacy protection is a dimension of relationships with vendors?

A : Include appropriate language about privacy protection in vendor contracts.

B : Perform a privacy audit on any vendor under consideration

C : Require that a person trained in privacy protection be part of all vendor selection teams

D : Do business only with vendors who are members of privacy trade associations

Answer: A

Question 3

SCENARIO

Please use the following to answer the next question:

Manasa is a product manager at Omnipresent Omnimedia, where she is responsible for leading the

development of the company's flagship product, the Handy Helper. The Handy Helper is an application that can

be used in the home to manage family calendars, do online shopping, and schedule doctor appointments. After

having had a successful launch in the United States, the Handy Helper is about to be made available for

purchase worldwide.

The packaging and user guide for the Handy Helper indicate that it is a "privacy friendly" product suitable for the

whole family, including children, but does not provide any further detail or privacy notice. In order to use the

application, a family creates a single account, and the primary user has access to all information about the

other users. Upon start up, the primary user must check a box consenting to receive marketing emails from

Omnipresent Omnimedia and selected marketing partners in order to be able to use the application.

Sanjay, the head of privacy at Omnipresent Omnimedia, was working on an agreement with a European

distributor of Handy Helper when he fielded many questions about the product from the distributor. Sanjay

needed to look more closely at the product in order to be able to answer the questions as he was not involved

in the product development process.

In speaking with the product team, he learned that the Handy Helper collected and stored all of a user's

sensitive medical information for the medical appointment scheduler. In fact, all of the user's information is

stored by Handy Helper for the additional purpose of creating additional products and to analyze usage of the

product. This data is all stored in the cloud and is encrypted both during transmission and at rest.

Consistent with the CEO's philosophy that great new product ideas can come from anyone, all Omnipresent

Omnimedia employees have access to user data under a program called Eureka. Omnipresent Omnimedia is

hoping that at some point in the future, the data will reveal insights that could be used to create a fully

automated application that runs on artificial intelligence, but as of yet, Eureka is not well-defined and is

considered a long-term goal.

What step in the system development process did Manasa skip?

A : Obtain express written consent from users of the Handy Helper regarding marketing

B : Work with Sanjay to review any necessary privacy requirements to be built into the product.

C : Certify that the Handy Helper meets the requirements of the EU-US Privacy Shield Framework

D : Build the artificial intelligence feature so that users would not have to input sensitive information into the Handy Helper

Answer: B

Question 4

A Data Privacy Officer (DPO) who posts privacy message reminders on posters and on company video screens throughout the office to reinforce the organization's privacy message is furthering which organizational program?

A : blic Service.

B : areness

C : aining

D : hics

Answer: B

Question 5