1. Two of the four categories of data protection and privacy law and practices are informational privacy and
A. Territorial privacy.
B. Health privacy.
C. Electronic privacy.
D. Financial privacy.
✔Correct Answer-A. Territorial privacy.

2. What is provided in Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms?
A. The right of every individual to vote in his or her own country.
B. The right of public authorities to collect certain necessary personal data.
C. The right to respect for an individual's privacy and family life.
D. The right of consumers to freely choose their service provider.
✔Correct Answer-C. The right to respect for an individual's privacy and family life.

3. What are the three main sources of personal information?
A. Public and private sector financial records. Medical records and military service records.
B. Public records. Publicly available information and non-public information.
C. National insurance information. Employment records and law enforcement records.
D. Birth records national and foreign government records and state/provincial government information.
✔Correct Answer-B. Public records. Publicly available information and non public information.

4. Which of these elements may be considered personal information?
A. Information relating to a company's primary competitors.
B. Information about a company's leads or prospects.
C. Company's financial information disclosed on its website.
D. The physical location of a company's headquarters.
✔Correct Answer-B. Information about a company's leads or prospects.

5. Which human resources data element is not generally considered personal data?
A. Employee evaluation.
B. Job title.
C. Salary.
D. Department assignment.
✔Correct Answer-D. Department assignment.

6. What is the definition of a data controller?
A. A third-party service provider that maintains the platform on which personal data is stored.
B. A supervisory authority empowered to enforce privacy regulation or law.
C. The individual who provides the personal data.
D. An entity that holds personal data and determines the purposes of use.
✔Correct Answer-D. An entity that holds personal data and determines the purposes of use.

7. What is the correct definition of a privacy policy?
A. An internal statement that summarizes an organization's goals for its privacy program.
B. An internal statement that summarizes the compliance challenges an organization faces.
C. An internal statement that governs an organization's handling practices of personal information.
D. An internal statement that details an organization's penalties for employees who leak personal information.
✔Correct Answer-C. An internal statement that governs an organization's handling practices of personal information.

8. Effective security risk management balances the potential for loss with what cost?
A. The cost of security protection and management.
B. The cost of statutory compliance and oversight.
C. The cost of notifications related to a data loss.
D. The cost of reduced efficiencies in operations.
✔Correct Answer-A. The cost of security protection and management.

9. The use of personal information should follow what primary principle?
A. Personal information usage should be determined by third-party contracts.
B. Personal information should be limited to the purposes identified in the notice.
C. Personal information usage should be determined by the data controller that collected the personal information.
D. Organizations should use personal information for any and all business practices.
✔Correct Answer-B. Personal information should be limited to the purposes identified in the notice.

10. A privacy notice does NOT relate to which principle of the Information Lifecycle?
A. Use and retention.
B. Collection.
C. Monitoring and enforcement.
D. Disclosure
✔Correct Answer-C. Monitoring and enforcement

11. What must be included in a privacy impact assessment?
A. A regulatory review of the assessment.
B. The source code of the system processing the data.
C. The attributes of the data collected.
D. The administrator passwords of the system being evaluated.
✔Correct Answer-C. The attributes of the data collected.

12. Which is NOT an example of privacy notice?
A. A spreadsheet containing specific product names and general descriptions.
B. Terms governing a user's participation in an online service or social network.
C. The Interactive Advertising Bureau's Advertising Option icon and accompanying language.
D. Cardholder agreements or employment contracts.
✔Correct Answer-A. A spreadsheet containing specific product names and general descriptions.

13. Which is a concept provided for in the 1973 Code of Fair Information Practices?
A. There must be a way to allow a person access to a record of identifiable information.
B. There must be a way for a person to delete a record of identifiable information.
C. There must be a way for a person to make a record anonymous.
D. There must be a way for a person to correct or amend a record of identifiable information.
✔Correct Answer-D. There must be a way for a person to correct or amend a record of identifiable information.

14. According to the Asia-Pacific Economic Cooperation privacy principles, individuals must be able to do all of the following except
A. obtain confirmation whether the personal information controller holds personal information about them.
B. have their personal information communicated to them within a reasonable time
C. access the personal information of the personal information controller.
D. challenge the accuracy of the Disclosure.
✔Correct Answer-C. access the personal information of the personal information controller.