Free IAPP CIPM Exam Questions

Become IAPP Certified with updated CIPM exam questions and correct answers

Page:    1 / 56      
Total 278 Questions | Updated On: Feb 04, 2025
Add To Cart
Question 1

SCENARIO
Please use the following to answer the next question:
Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia
to help run his aging grandfather's law practice. The elder McAdams desired a limited, lighter role in the
practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring
Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who
handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and
assesses the office's strategies for growth.
Immediately upon arrival, Richard was amazed at the amount of work that needed to done in order to
modernize the office, mostly in regard to the handling of clients' personal data. His first goal is to digitize all the
records kept in file cabinets, as many of the documents contain personally identifiable financial and medical
data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the
day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues
unless a formal policy is firmly in place Richard is also concerned with the overuse of the communal copier/
printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the
same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that
personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing
policy by the year's end.
Richard expressed his concerns to his grandfather, who agreed, that updating data storage, data security, and
an overall approach to increasing the protection of personal data in all facets is necessary Mr. McAdams
granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but
also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following
day, to get insight into how the office computer system is currently set-up and managed.
Which of the following policy statements needs additional instructions in order to further protect the personal
data of their clients? 


Answer: B
Question 2

All of the following changes will likely trigger a data inventory update EXCEPT?  


Answer: A
Question 3

SCENARIO -
Please use the following to answer the next question:
Your organization, the Chicago (U.S.)-based Society for Urban Greenspace, has used the same vendor to operate all aspects of an online store for several years. As a small nonprofit, the Society cannot afford the higher-priced options, but you have been relatively satisfied with this budget vendor, Shopping Cart Saver (SCS). Yes, there have been some issues. Twice, people who purchased items from the store have had their credit card information used fraudulently subsequent to transactions on your site, but in neither case did the investigation reveal with certainty that the Society’s store had been hacked. The thefts could have been employee-related.
Just as disconcerting was an incident where the organization discovered that SCS had sold information it had collected from customers to third parties. However, as Jason Roland, your SCS account representative, points out, it took only a phone call from you to clarify expectations and the “misunderstanding” has not occurred again.
As an information-technology program manager with the Society, the role of the privacy professional is only one of many you play. In all matters, however, you must consider the financial bottom line. While these problems with privacy protection have been significant, the additional revenues of sales of items such as shirts and coffee cups from the store have been significant. The Society’s operating budget is slim, and all sources of revenue are essential.
Now a new challenge has arisen. Jason called to say that starting in two weeks, the customer data from the store would now be stored on a data cloud. “The good news,” he says, “is that we have found a low-cost provider in Finland, where the data would also be held. So, while there may be a small charge to pass through to you, it won’t be exorbitant, especially considering the advantages of a cloud.”
You begin to research and discover that a number of the leading cloud service providers have signed a letter of intent to work together on shared conventions and technologies for privacy protection. You make a note to find out if Jason’s Finnish provider is signing on.
After conducting research, you discover a primary data protection issue with cloud computing. Which of the following should be your biggest concern?


Answer: D
Question 4

SCENARIO
Please use the following to answer the next question:
Amira is thrilled about the sudden expansion of NatGen. As the joint Chief Executive Officer (CEO) with her
long-time business partner Sadie, Amira has watched the company grow into a major competitor in the green
energy market. The current line of products includes wind turbines, solar energy panels, and equipment for
geothermal systems. A talented team of developers means that NatGen's line of products will only continue to
grow.
With the expansion, Amira and Sadie have received advice from new senior staff members brought on to help
manage the company's growth. One recent suggestion has been to combine the legal and security functions of
the company to ensure observance of privacy laws and the company's own privacy policy. This sounds overly
complicated to Amira, who wants departments to be able to use, collect, store, and dispose of customer data in
ways that will best suit their needs. She does not want administrative oversight and complex structuring to get
in the way of people doing innovative work.
Sadie has a similar outlook. The new Chief Information Officer (CIO) has proposed what Sadie believes is an
unnecessarily long timetable for designing a new privacy program. She has assured him that NatGen will use
the best possible equipment for electronic storage of customer and employee data. She simply needs a list of
equipment and an estimate of its cost. But the CIO insists that many issues are necessary to consider before
the company gets to that stage.
Regardless, Sadie and Amira insist on giving employees space to do their jobs. Both CEOs want to entrust the
monitoring of employee policy compliance to low-level managers. Amira and Sadie believe these managers can
adjust the company privacy policy according to what works best for their particular departments. NatGen's
CEOs know that flexible interpretations of the privacy policy in the name of promoting green energy would be
highly unlikely to raise any concerns with their customer base, as long as the data is always used in course of
normal business activities.
Perhaps what has been most perplexing to Sadie and Amira has been the CIO's recommendation to institute a
privacy compliance hotline. Sadie and Amira have relented on this point, but they hope to compromise by
allowing employees to take turns handling reports of privacy policy violations. The implementation will be easy
because the employees need no special preparation. They will simply have to document any concerns they
hear.
Sadie and Amira are aware that it will be challenging to stay true to their principles and guard against corporate
culture strangling creativity and employee morale. They hope that all senior staff will see the benefit of trying a
unique approach. 
What Data Lifecycle Management (DLM) principle should the company follow if they end up allowing
departments to interpret the privacy policy differently?


Answer: C
Question 5

Please use the following to answer the next question:
As they company’s new chief executive officer, Thomas Goddard wants to be known as a leader in data protection. Goddard recently served as the chief financial officer of Hoopy.com, a pioneer in online video viewing with millions of users around the world. Unfortunately, Hoopy is infamous within privacy protection circles for its ethically questionable practices, including unauthorized sales of personal data to marketers. Hoopy also was the target of credit card data theft that made headlines around the world, as at least two million credit card numbers were thought to have been pilfered despite the company’s claims that “appropriate” data protection safeguards were in place. The scandal affected the company’s business as competitors were quick to market an increased level of protection while offering similar entertainment and media content. Within three weeks after the scandal broke, Hoopy founder and CEO Maxwell Martin, Goddard’s mentor, was forced to step down.
Goddard, however, seems to have landed on his feet, securing the CEO position at your company, Medialite, which is just emerging from its start-up phase. He sold the company’s board and investors on his vision of Medialite building its brand partly on the basis of industry-leading data protection standards and procedures. He may have been a key part of a lapsed or even rogue organization in matters of privacy but now he claims to be reformed and a true believer in privacy protection. In his first week on the job, he calls you into his office and explains that your primary work responsibility is to bring his vision for privacy to life. But you also detect some reservations. “We want Medialite to have absolutely the highest standards,” he says. “In fact, I want us to be able to say that we are the clear industry leader in privacy and data protection. However, I also need to be a responsible steward of the company’s finances. So, while I want the best solutions across the board, they also need to be cost effective.”
You are told to report back in a week’s time with your recommendations. Charged with this ambiguous mission, you depart the executive suite, already considering your next steps.
You give a presentation to your CEO about privacy program maturity. What does it mean to have a “managed” privacy program, according to the AICPA/CICA Privacy Maturity Model?


Answer: B,C
Page:    1 / 56      
Total 278 Questions | Updated On: Feb 04, 2025
Add To Cart

© Copyrights DumpsCertify 2025. All Rights Reserved

We use cookies to ensure your best experience. So we hope you are happy to receive all cookies on the DumpsCertify.