CIPP/US Certification Exam with
complete solutions 2024/2025
How many states allow Telephonic Notification? - ANSWER-20: Arizona,
Colorado, Connecticut, Delaware, Idaho, Indiana, Maryland, Mississippi, Montana,
Nebraska, Ohio, Oklahoma, South Carolina, Utah, Virginia, West Virginia.
With specific requirements: Michigan, Pennsylvania, Vermont, New York
What does substitute notice require? - ANSWER-1. Posting on website homepage
2. Statewide media posting
3. Email notice when possible
What is the threshold for substitute notice in most/many states? - ANSWER-If the
cost would be more than 250K or more than 500K people are affected.
What states do not have data breach laws? - ANSWER-Alabama, New Mexico,
South Dakota
How many states do not have Data Destruction Laws? - ANSWER-(20) Alabama,
Idaho, Iowa, Louisiana, Maine, Mississippi, Missouri, Minnesota, Nebraska, New
Hampshire, New Mexico, North Dakota, Ohio, Oklahoma, Pennsylvania, South
Dakota, Virginia, West Virginia, Wyoming, DC
How many states have state agency notification requirements? - ANSWER-(21)
California, Connecticut, Florida, Hawaii, Indiana, Iowa, Louisiana, Maine,
Maryland, Massachusetts, Missouri, Montana, New Hampshire, New Jersey, New
York, North Carolina, South Carolina, Vermont, Virginia, Washington, Puerto Rico
How many states require Consumer Reporting Agency notification for data
breach? - ANSWER-(29) Alaska, Colorado, DC, Florida, Georgia, Hawaii, Indiana,
Kansas, Maine, Maryland, Massachusetts, Michigan, Minnesota, Missouri,
Nevada, New Hampshire, New Jersey, New York, North Carolina, Ohio, Oregon,
Pennsylvania, South Carolina, Tennessee, Texas, Vermont, Virginia, West Virginia,
Wisconsin
How many states have all of the following: data breach law, data destruction
law, requirement to notify state, requirement to notify consumer reporting
agency? - ANSWER-(9) Florida, Indiana, Maryland, Massachusetts, New Jersey,
New York, North Carolina, South Carolina, Vermont
What states have private sector data security laws? - ANSWER-1. Arkansas
2. California
3. Connecticut
4. Florida
5. Indiana
6. Kansas
7. Maryland
8. Massachusetts
9. Minnesota
10. Nevada
11. Oregon
12. Rhode Island
13. Texas
14. Utah
What is Connecticut's Data Security Requirement for state contractors? -
ANSWER-Applies to: Contractors: an individual, business or other entity that is
receiving confidential information from a state contracting agency or agent of the
state pursuant to a written agreement to provide goods or services to the state.
Requires: Implement and maintain a comprehensive data-security program (as
specified/detailed in statute), including encryption of all sensitive personal data
transmitted wirelessly or via a public Internet connection, or contained on
portable electronic devices.
What does Massachusetts' Data Security Law require? - ANSWER-1. Designate
head of InfoSec
2. Anticipate and mitigate risks
3. Security program rules
4. Penalties for violations of rules
5. Prevent access by former employees
6. Contractually obligate vendors to same or similar procedures
7. Restrict physical access
8. Monitor effectiveness of program
9. Review program at least 1x per year
10. Document responses to incidents
What is the definition of PII under Massachusetts law? - ANSWER-"a
Massachusetts resident's first name and last name or first initial and last name in
combination with any one or more of the following data elements that relate to
such resident:
(a) Social Security number;
(b) driver's license number or state-issued identification card number; or
(c) financial account number, or credit or debit card number, with or without any
required security code, access code, personal identification number or password,
that would permit access to a resident's financial account."
The Massachusetts Standards exclude from the definition any information
lawfully obtained from publicly available information or from government records
available to the general public.[2]
What are Massachusetts requirements for system security? - ANSWER-1. Secure
control of user identifiers and passwords for authentication purposes;
2. Lock-out processes for inactive users or unsuccessful log-in attempts;
3. Limiting access to personal information to those persons who are reasonably
required to know such information;
4. Up-to-date firewall protection and operating system security patches for
systems connected to the Internet;
5. Up-to-date versions of system security agent software, including malware
protection, patches, and virus definitions; and
6. Education and training of employees on the proper use of the computer
security system.[7]
Similarities between state data breach laws? - ANSWER-1. Definition of personal
information
2. Covered entities
3. Definition of security breach
4. Level of harm requiring notification
5. Whom to notify
6. When to notify
7. Contents of notification
8. How to notify
9. Exceptions to notify
10. Penalties and rights of action
What is the definition of personal information in Connecticut? - ANSWER-First
name or initial and last name with:
1. SSN
2. Driver's license or state ID
3. Account number in combination with a security code, password, etc.
What states include medical information in definition of personal information? -
ANSWER-1. Arkansas
2. California
3. Missouri
4. Texas
5. Virginia
What additional information do Oregon and Wyoming include in PII? -
ANSWER-Any state or federal identification number.
Which states include biometric data in the PII definition? - ANSWER-1. Iowa
2. Nebraska
3. North Carolina
4. Wisconsin
What state includes mother's maiden name in PII definition? - ANSWER-North
Dakota
What state includes tax information and work evaluations in PII definition? -
ANSWER-Puerto Rico
Which states do not exclude publicly available information from definition of PII?
- ANSWER-1. Idaho
2. Louisiana
3. Michigan
What callers are not covered by the DNC registry? - ANSWER-1. Political
organizations,
2. Charities calling on own behalf,
3. Telephone surveyors, or
4. Companies with which a consumer has an existing business relationship.