In ________________ there is a two-part test to see if notification is required. First, a breach is an unauthorized acquisition of personal information, and second, the acquisition must cause, or be likely to cause, substantial economic loss to a person. correct answers Arizona
Indiana law requi...
ITN 267 Final || Already Passed.
In ________________ there is a two-part test to see if notification is required. First, a breach is
an unauthorized acquisition of personal information, and second, the acquisition must cause, or
be likely to cause, substantial economic loss to a person. correct answers Arizona
Indiana law requires that a state agency may not disclose a person's Social Security number to
anyone. There are limited exceptions to this law. Which of the following situations is not among
those in which a SSN can be disclosed? correct answers the disclosure is required by a collection
agency
In 2002, Washington State created a data disposal law that requires an entity to take reasonable
steps to destroy records that contain health and financial data when it determines that it no longer
needs those records. Which of the following entities is specifically excluded from following this
law? correct answers the federal government
Which of the following is included in a law's legislative history? correct answers any materials
generated in the course of creating legislation; this includes committee reports, hearings, and
transcripts of debate and reports issued by legislatures
Nevada's Security of Personal Information Law requires protection of personal information in a
number of ways and applies to which of the following? correct answers data collectors
What was the first state to have a breach notification law? correct answers California
Because Congress can't usually interfere in state matters, it can't create a uniform federal law in
areas legislated by the states unless there's a compelling reason to do so. Thus, there is no
existing federal law on information security. correct answers True
After the ChoicePoint breach, 46 states, including the District of Columbia, have created breach
notification laws. Although, most states used the California law as a model, there are some
differences. Which of the following is not one of the differences? correct answers maximum
requirements for encryption
Congress can create laws in areas where the________________ allows it. correct answers U.S.
Constitution
Which of the following may be exempt from state breach notification laws because they are
already subject to other laws with specific data security requirements? correct answers Both A
and B. GLBA financial institutions and entities covered by HIPAA
The __________________ was created after a security breach at a state-operated data facility.
correct answers California Database Security Breach Notification Act
Massachusetts' "Standards for the Protection of Personal Information of Residents of the
Commonwealth" was released in September 2008 and is known for being "unique" in terms of its
, data protection standard. Which of the following statements best captures that uniqueness?
correct answers It attempts to regulate businesses outside of Massachusetts by requiring
businesses to encrypt the personal data of Massachusetts residents.
What is a legal concept that protects an entity from legal liability and is written into the law?
Entities that encrypt the personal information that they own or maintain do not have to follow the
notification requirements of this concept if they have a data breach. correct answers safe harbor
What is considered to be personal information by most states? correct answers Both A and B.
Social Security numbers and account numbers
Which of the following conditions is not taken under consideration by Congress when
determining if an area is ripe for federal legislation? correct answers what the greatest economic
advantage will be to the national market as it relates to the area under consideration
Which of the follow does not count as personal information, as designated by California's
Database Security Breach Notification Act? correct answers student ID
Which of the following statements best captures the difference between civil law and criminal
law? correct answers In civil law, a defendant isn't sent to jail as a punishment. Instead, civil law
imposes fines.
The purpose of the ______________________ was to give state residents timely information
about a breach so that they can protect themselves. correct answers California Database Security
Breach Notification Act
In 2007 Minnesota created the Plastic Card Security Act, which is the first state law that
attempted to codify certain parts of the PCI DSS. It forbids businesses from storing cardholder
information for more than 48 hours after the credit card transaction is approved. Which of the
following lists of information can't be stored? correct answers card verification number, PIN
number, and contents of the card magnetic stripe
Which of the following statements summarizes why a breach notification is hard for entities?
correct answers States have different laws about what constitutes a breach.
_____________ are used to protect words, logos, and symbols that identify a product or services.
correct answers trademarks
In 1998, Congress passed the _________________________.This law helps protect copyrights
in the multimedia world. It also contains provisions that help insulate Internet service providers
from the actions of their customers. correct answers Digital Millennium Copyright Act
A ______________ protects the formulas, processes, methods, and information that give a
business a competitive edge. correct answers trade secret
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller FullyFocus. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for £9.70. You're not tied to anything after your purchase.
