Free CIPM Exam Braindumps

SCENARIO
Please use the following to answer the next QUESTION:
Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help run his aging grandfather's law practice. The elder McAdams desired a limited, lighter role in the practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and assesses the office's strategies for growth.
Immediately upon arrival, Richard was amazed at the amount of work that needed to done in order to modernize the office, mostly in regard to the handling of clients' personal data. His first goal is to digitize all the records kept in file cabinets, as many of the documents contain personally identifiable financial and medical data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues unless a formal policy is firmly in place Richard is also concerned with the overuse of the communal copier/ printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing policy by the year's end.
Richard expressed his concerns to his grandfather, who agreed, that updating data storage, data security, and an overall approach to increasing the protection of personal data in all facets is necessary Mr. McAdams granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following day, to get insight into how the office computer system is currently set-up and managed.
Which of the following policy statements needs additional instructions in order to further protect the personal data of their clients?

1. A. All faxes sent from the office must be documented and the phone number used must be double checked to ensure a safe arrival.
2. B. All unused copies, prints, and faxes must be discarded in a designated recycling bin located near the work station and emptied daily.
3. C. Before any copiers, printers, or fax machines are replaced or resold, the hard drives of these devices must be deleted before leaving the office.
4. D. When sending a print job containing personal data, the user must not leave the information visible on the computer screen following the print command and must retrieve the printed document immediately.

Correct Answer: D

What does it mean to “rationalize” data protection requirements?

1. A. Evaluate the costs and risks of applicable laws and regulations and address those that have the greatest penalties
2. B. Look for overlaps in laws and regulations from which a common solution can be developed
3. C. Determine where laws and regulations are redundant in order to eliminate some from requiring compliance
4. D. Address the less stringent laws and regulations, and inform stakeholders why they are applicable

Correct Answer: C

If an organization maintains a separate ethics office, to whom would its officer typically report to in order to retain the greatest degree of independence?

1. A. The Board of Directors.
2. B. The Chief Financial Officer.
3. C. The Human Resources Director.
4. D. The organization's General Counsel.

Correct Answer: A

What United States federal law requires financial institutions to declare their personal data collection practices?

1. A. The Kennedy-Hatch Disclosure Act of 1997.
2. B. The Gramm-Leach-Bliley Act of 1999.
3. C. SUPCLA, or the federal Superprivacy Act of 2001.
4. D. The Financial Portability and Accountability Act of 2006.

Correct Answer: B

Which statement is FALSE regarding the use of technical security controls?

1. A. Technical security controls are part of a data governance strategy.
2. B. Technical security controls deployed for one jurisdiction often satisfy another jurisdiction.
3. C. Most privacy legislation lists the types of technical security controls that must be implemented.
4. D. A person with security knowledge should be involved with the deployment of technical security controls.

Correct Answer: B