Accountability - ANSWER A fair information practices principle, it is the idea that
when personal information is to be transferred to another person or organization,
the personal information controller should obtain the consent of the individual or
exercise due diligence and take reasonable steps to ensure that the recipient person
or organization will protect the information consistently with other fair use
principles.
Active Scanning Tools - ANSWER DLP network, storage, scans and privacy tools can be
used to identify security and privacy risks to personal information. They can also be
used to monitor for compliance with internal policies and procedures, and block
e-mail or file transfers based on the data category and definitions.
American Institute of Certified Public Accountants
AICPA - ANSWER A U.S. professional organization of certified public accountants and
co-creator of the WebTrust seal program.
APEC Privacy Principles - ANSWER A set of non-binding principles adopted by the
Asia-Pacific Economic Cooperative (APEC) that mirror the OECD Fair Information
Privacy Practices. Though based on OECD Guidelines, they seek to promote
electronic commerce throughout the Asia-Pacific region by balancing information
privacy with business needs.
Assess - ANSWER The first of four phases of the privacy operational life cycle;
provides the steps, checklists and processes necessary to assess any gaps in a privacy
program as compared to industry best practices, corporate privacy policies,
applicable privacy laws, and objective-based privacy program frameworks.
Audit Life Cycle - ANSWER High-level, five-phase audit approach. The steps include:
Audit Planning; Audit Preparation; Conducting the Audit; Reporting; and Follow-up.
Bureau of Competition - ANSWER One of the United States' Federal Trade
Commission's three principal groups relevant to privacy oversight; investigates and
attempts the prevention of anticompetitive business practices, such as monopolies,
price-fixing and similar regulatory violations, which may negatively affect
commercial competition.
Bureau of Consumer Protection - ANSWER One of the United States' Federal Trade
Commission's three principal groups relevant to privacy oversight; protects
consumers against deceptive and/or unfair business practices. Included under the
FTC mandate are deceptive advertising and fraudulent product and/or service
claims.
Bureau of Economics - ANSWER One of the United States' Federal Trade
Commission's three principal groups relevant to privacy oversight; works in accord
with the Bureau of Competition to study the effects of FTC lawmaking initiatives and
of existing law.
Business case - ANSWER The starting point for assessing the needs of the privacy
organization, it defines the individual program needs and the ways to meet specific
business goals, such as compliance with privacy laws or regulations, industry
frameworks, customer requirements and other considerations.
Business Continuity and Disaster Recovery Plan - ANSWER A risk mitigation plan
designed to prepare an organization for crises and to ensure critical business
functions continue. The focus is to recover from a disaster when disruptions of any
size are encountered.
Business Continuity Plan - ANSWER The business continuity plan is typically drafted
and maintained by key stakeholders, spelling out departmental responsibilities and
actions teams must take before, during and after an event in order to help
operations run smoothly. Situations covered in a BCP often include fire, flood,
natural disasters (tornadoes and hurricanes), and terrorist attack.
C-I-A Triad - ANSWER Also known as information security triad; three common
information security principles from the 1960s: Confidentiality, integrity, availability.
Canadian Institute of Chartered Accountants - ANSWER The Canadian Institute of
Chartered Accountants (CICA), in partnership with the provincial and territorial
institutes, is responsible for the functions that are critical to the success of the
Canadian CA profession. CICA, pursuant to the 2006 Protocol, is entrusted with the
responsibility for providing strategic leadership, co-ordination of common critical
functions of strategic planning, protection of the public and ethics, education and
qualification, standard setting and communications.
Centralized governance - ANSWER Privacy governance model that leaves one team or
person responsible for privacy-related affairs; all other persons or organizations will
flow through this point.
Children's Online Privacy Protection Act (COPPA) of 1998 - ANSWER A U.S. federal law
that applies to the operators of commercial websites and online services that are
directed to children under the age of 13. It also applies to general audience websites
and online services that have actual knowledge that they are collecting personal
information from children under the age of 13. COPPA requires these website
operators: to post a privacy policy on the homepage of the website; provide notice
about collection practices to parents; obtain verifiable parental consent before
collecting personal information from children; give parents a choice as to whether
their child's personal information will be disclosed to third parties; provide parents
access and the opportunity to delete the child's personal information and opt out of