CIPM SAMPLE QUESTIONS AND ANSWERS

All of the following are factors in determining whether an organization can craft a common solution to the privacy requirements of multiple jurisdictions EXCEPT: - Answer- Effective date of most restrictive law. Building a privacy strategy may mean changing the mindset and perspective of an entire organization. Everyone in an organization has a role to play in protecting the personal information an organization collects, uses and discloses. Management needs to approve funding to resource and equip the privacy team, fund important privacy-enhancing resources and technologies, support privacy initiatives such as training and awareness, and hold employees accountable for following privacy policies and procedures. Sales personnel must secure business contact data and respect the choices of these individuals. Developers and engineers must incorporate effective security controls, build safe websites, and create solutions that require the collection or use of only the data necessary to accomplish the purpose. What are nongovernmental organizations that advocate for privacy protection known as? - Answer- External privacy organizations If an organization is small, or the privacy office staffing is limited, the privacy professional and organization could consider third-party solutions to track and monitor privacy laws relating to the business. These third parties include legal and consulting services that can assign people to the organization and use automated online services that allow research on privacy law, news and business tools. Privacy professionals from large and small firms can also take advantage of a growing number of free resources to help them to keep up-to-date with developments in privacy. Which of the following is NOT a good reason to perform a privacy audit on a supplier? - Answer- The finance team has concerns that their supplier is inflating their pass-through expense costs. While financial irregularities are a good reason to perform a financial audit, they are not a reason to perform a privacy audit. The purpose of a privacy audit is to determine the degree to which technology, processes and people comply with privacy policies and practices. Audits are evidence-based procedures to help measure how well the programs put in place meet the organization's goals; show compliance with legal, regulatory and internal requirements; increase general awareness; reveal gaps; and provide a basis for remediation planning. An example of media sanitization would be: - Answer- Performing a manufacturer's reset to restore an office printer to its factory default settings. Media sanitization is technically defined as "a process that renders access to target data on the media infeasible for a given level of effort." To adequately sanitize media, the