Personally Identifiable Information (PII) v4.0 Test 2023
Answered Correctly
Which action requires an organization to carry out a Privacy Impact Assessment?
A. Storing paper-based records
B. Collecting PII to store in a new information system
C. Collecting any CUI. including but not limited to PII
D. Collecting PII to store in a National Security System
B. Collecting PII to store in a new information system
Which of the following is an example of a physical safeguard that individuals can use to
protect PII?
All of the above
What is the purpose of a Privacy Impact Assessment (PIA)?
A. Determine whether paper-based records are stored securely
B. Determine whether information must be disclosed according to the Freedom of
Information Act (FOIA)
C. Determine whether the collection and maintenance of PII is worth the risk to
individuals
D. Determine whether Protected Health Information (PHI) is held by a covered entity
C. Determine whether the collection and maintenance of PII is worth the risk to
individuals
T or F? Information that can be combined with other information to link solely to an
individual is considered PII.
True
What guidance identifies federal information security controls?
A. DoD 5400.11-R: DoD Privacy Program
B. The Freedom of Information Act (FOIA)
C. OMB Memorandum M-17-12: Preparing for and Responding to a Breach of
Personally Identifiable Information
D. The Privacy Act of 1974
C. OMB Memorandum M-17-12: Preparing for and Responding to a Breach of
Personally Identifiable Information
An organization that fails to protect PII can face consequences including:
A. Remediation costs
B. Loss of trust
C. Legal liability
D. All of the above
D. All of the above
If someone tampers with or steals and individual's PII, they could be exposed to which
of the following?
, A. Embarrassment
B. Fraud
C. Identity theft
D. All of the above
D. All of the above
Which of the following is NOT a permitted disclosure of PII contained in a system of
records?
a. The individual has requested that their record be disclosed.
b. The record is disclosed for routine use.
c. All permitted disclosures.
d. The record is disclosed for a new purpose that is not specified in the SORN.
d. The record is disclosed for a new purpose that is not specified in the SORN.
Which of the following is not an example of PII?
A. Fingerprints
B. Driver's license number
C. Social Security number
D. Pet's nickname
D. Pet's nickname
Which of the following must privacy impact assessments (PIAs) do?
all of the above
What law establishes the federal government's legal responsibility for safeguarding PII?
A. OMB Memorandum M-12-12: Preparing for and Responding to a Breach of
Personally Identifiable Information
B. DoD 5400.11-R: DoD Privacy Program
C. The Privacy Act of 1974
D. The Freedom of Information Act (FOIA)
C. The Privacy Act of 1974
ORGANIZATIONS THAT FAIL TO MAINTAIN ACCURATE, RELEVANT, TIMELY, AND
COMPLETE INFORMATION MAY BE SUBJECT TO WHICH OF THE FOLLOWING?
CIVIL PENALTIES
What law establishes the public's right to access federal government information?
A. OMB Memorandum M-12-12: Preparing for and Responding to a Breach of
Personally Identifiable Information
B. DoD 5400.11-R: DoD Privacy Program
C. The Privacy Act of 1974
D. The Freedom of Information Act (FOIA)
D. The Freedom of Information Act (FOIA)
An organization with existing system of records decides to start using PII for a new
purpose outside the "routine use" defined in the System of Records Notice (SORN). Is
this a permitted use?
A. Yes
B. No
Answered Correctly
Which action requires an organization to carry out a Privacy Impact Assessment?
A. Storing paper-based records
B. Collecting PII to store in a new information system
C. Collecting any CUI. including but not limited to PII
D. Collecting PII to store in a National Security System
B. Collecting PII to store in a new information system
Which of the following is an example of a physical safeguard that individuals can use to
protect PII?
All of the above
What is the purpose of a Privacy Impact Assessment (PIA)?
A. Determine whether paper-based records are stored securely
B. Determine whether information must be disclosed according to the Freedom of
Information Act (FOIA)
C. Determine whether the collection and maintenance of PII is worth the risk to
individuals
D. Determine whether Protected Health Information (PHI) is held by a covered entity
C. Determine whether the collection and maintenance of PII is worth the risk to
individuals
T or F? Information that can be combined with other information to link solely to an
individual is considered PII.
True
What guidance identifies federal information security controls?
A. DoD 5400.11-R: DoD Privacy Program
B. The Freedom of Information Act (FOIA)
C. OMB Memorandum M-17-12: Preparing for and Responding to a Breach of
Personally Identifiable Information
D. The Privacy Act of 1974
C. OMB Memorandum M-17-12: Preparing for and Responding to a Breach of
Personally Identifiable Information
An organization that fails to protect PII can face consequences including:
A. Remediation costs
B. Loss of trust
C. Legal liability
D. All of the above
D. All of the above
If someone tampers with or steals and individual's PII, they could be exposed to which
of the following?
, A. Embarrassment
B. Fraud
C. Identity theft
D. All of the above
D. All of the above
Which of the following is NOT a permitted disclosure of PII contained in a system of
records?
a. The individual has requested that their record be disclosed.
b. The record is disclosed for routine use.
c. All permitted disclosures.
d. The record is disclosed for a new purpose that is not specified in the SORN.
d. The record is disclosed for a new purpose that is not specified in the SORN.
Which of the following is not an example of PII?
A. Fingerprints
B. Driver's license number
C. Social Security number
D. Pet's nickname
D. Pet's nickname
Which of the following must privacy impact assessments (PIAs) do?
all of the above
What law establishes the federal government's legal responsibility for safeguarding PII?
A. OMB Memorandum M-12-12: Preparing for and Responding to a Breach of
Personally Identifiable Information
B. DoD 5400.11-R: DoD Privacy Program
C. The Privacy Act of 1974
D. The Freedom of Information Act (FOIA)
C. The Privacy Act of 1974
ORGANIZATIONS THAT FAIL TO MAINTAIN ACCURATE, RELEVANT, TIMELY, AND
COMPLETE INFORMATION MAY BE SUBJECT TO WHICH OF THE FOLLOWING?
CIVIL PENALTIES
What law establishes the public's right to access federal government information?
A. OMB Memorandum M-12-12: Preparing for and Responding to a Breach of
Personally Identifiable Information
B. DoD 5400.11-R: DoD Privacy Program
C. The Privacy Act of 1974
D. The Freedom of Information Act (FOIA)
D. The Freedom of Information Act (FOIA)
An organization with existing system of records decides to start using PII for a new
purpose outside the "routine use" defined in the System of Records Notice (SORN). Is
this a permitted use?
A. Yes
B. No
