CIPP/US Certification exam 2023 with 100% correct answers

How many states allow Telephonic Notification? - correct answer20: Arizona, Colorado, Connecticut, Delaware, Idaho, Indiana, Maryland, Mississippi, Montana, Nebraska, Ohio, Oklahoma, South Carolina, Utah, Virginia, West Virginia. With specific requirements: Michigan, Pennsylvania, Vermont, New York What does substitute notice require? - correct answer1. Posting on website homepage 2. Statewide media posting 3. E-mail notice when possible What is the threshold for substitute notice in most/many states? - correct answerIf the cost would be more than 250K or more than 500K people are affected. What states do not have data breach laws? - correct answerAlabama, New Mexico, South Dakota How many states do not have Data Destruction Laws? - correct answer(20) Alabama, Idaho, Iowa, Louisiana, Maine, Mississippi, Missouri, Minnesota, Nebraska, New Hampshire, New Mexico, North Dakota, Ohio, Oklahoma, Pennsylvania, South Dakota, Virginia, West Virginia, Wyoming, DC How many states have state agency notification requirements? - correct answer(21) California, Connecticut, Florida, Hawaii, Indiana, Iowa, Louisiana, Maine, Maryland, Massachusetts, Missouri, Montana, New Hampshire, New Jersey, New York, North Carolina, South Carolina, Vermont, Virginia, Washington, Puerto Rico How many states require Consumer Reporting Agency notification for data breach? - correct answer(29) Alaska, Colorado, DC, Florida, Georgia, Hawaii, Indiana, Kansas, Maine, Maryland, Massachusetts, Michigan, Minnesota, Missouri, Nevada, New Hampshire, New Jersey, New York, North Carolina, Ohio, Oregon, Pennsylvania, South Carolina Tennessee, Texas, Vermont, Virginia, West Virginia, Wisconsin How many states that have all of the following: data breach law, data destruction law, requirement to notify state, requirement to notify consumer reporting agency? - correct answer(9) Florida, Indiana, Maryland, Massachusetts, New Jersey, New York, North Carolina, South Carolina, Vermont What states have private sector data security laws? - correct answer1. Arkansas 2. California 3. Connecticut 4. Florida 5. Indiana 6. Kansas 7. Maryland 8. Massachusetts 9. Minnesota 10. Nevada 11. Oregon 12. Rhode Island 13. Texas 14. Utah What is Connecticut's Data Security Requirement for state contractors? - correct answerApplies to: Contractors: an individual, business or other entity that is receiving confidential information from a state contracting agency or agent of the state pursuant to a written agreement to provide goods or services to the state. Requires: Implement and maintain a comprehensive data-security program (as specified/detailed in statute) including encryption of all sensitive personal data transmitted wirelessly or via a public Internet connection, or contained on portable electronic devices has to be encrypted as well. What does Massachusetts' Data Security Law require? - correct answer1. Designate head of InfoSec 2. Anticipate and mitigate risks 3. Security program rules 4. Penalties for violations of rules 5. Prevent access by former employees 6. Contractually obligate vendors to same or similar procedures 7. Restrict physical access 8. Monitor effectiveness of program 9. Review program at least 1x per year 10. Document responses to incidents What is the definition of PII under Massachusetts law? - correct answer"a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Secu