100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CIPM- IAPP $10.99   Add to cart

Exam (elaborations)

CIPM- IAPP

 10 views  0 purchase
  • Course
  • CIPM- IAPP
  • Institution
  • CIPM- IAPP

Audit Life Cycle - answer-High-level, five-phase audit approach. The steps include: Audit Planning; Audit Preparation; Conducting the Audit; Reporting; and Follow-up. Active Scanning Tools - answer-DLP network, storage, scans and privacy tools can be used to identify security and privacy risks t...

[Show more]

Preview 3 out of 16  pages

  • October 7, 2024
  • 16
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • CIPM- IAPP
  • CIPM- IAPP
avatar-seller
TOPDOCTOR
CIPM- IAPP EXAMINATIONS
Audit Life Cycle - answer-High-level, five-phase audit approach. The steps include: Audit Planning; Audit
Preparation; Conducting the Audit; Reporting; and Follow-up.



Active Scanning Tools - answer-DLP network, storage, scans and privacy tools can be used to identify
security and privacy risks to personal information. They can also be used to monitor for compliance with
internal policies and procedures, and block e-mail or file transfers based on the data category and
definitions.



Anonymization - answer-The process in which individually identifiable data is altered in such a way that
it no longer can be related back to a given individual. Among many techniques, there are three primary
ways that data is anonymized. Suppression is the most basic version of anonymization and it simply
removes some identifying values from data to reduce its identifiability. Generalization takes specific
identifying values and makes them broader, such as changing a specific age (18) to an age range (18-24).
Noise addition takes identifying values from a given data set and switches them with identifying values
from another individual in that data set. Note that all of these processes will not guarantee that data is
no longer identifiable and have to be performed in such a way that does not harm the usability of the
data.



Behavioral Advertising - answer-advertising that is targeted to particular customers, based on their
observed online behavior



Binding Corporate Rules - answer-An appropriate safeguard allowed by the GDPR to facilitate cross-
border transfers of personal data between the various entities of a corporate group worldwide.



Bureau of Competition - answer-Enforce the US antitrust laws



Bureau of Consumer Protection - answer-protects consumers against unfair, deceptive, or fraudulent
practices by collecting complaints and conducting investigations, suing companies and people that break
the law, developing rules to maintain a fair marketplace, and educating consumers.



Bureau of Economics - answer-Provides economic analysis and support to antitrust and consumer
protection investigations

,Business Case - answer-The starting point for assessing the needs of the privacy organization, it defines
the individual program needs and the ways to meet specific business goals, such as compliance with
privacy laws or regulations, industry frameworks, customer requirements and other considerations.



Canadian Institute of Chartered Accountants - answer-Responsible for the functions that are critical to
the success of the Canadian CA profession.



COPPA (Children's Online Privacy Protection Act) - answer-Passed in 1998 to protect children from the
gathering of their personal information without parental consent. Required to be followed by all
websites geared toward children under 13.



Choice - answer-Choice refers to the idea that consent must be freely given and that data subjects must
have a genuine choice as to whether to provide personal data or not.



CIA Triad - answer-Confidentiality, Integrity, Availability



Collection Limitation - answer-A fair information practices principle, it is the principle stating there
should be limits to the collection of personal data, that any such data should be obtained by lawful and
fair means and, where appropriate, with the knowledge or consent of the data subject.



Consent - answer-Individuals must be able to prevent the collection of their personal data, unless the
disclosure is required by law.



Current Baseline - answer-"As-is" data privacy requirements; the current environment and any
protections, policies, and procedures currently deployed.



Data Breach - answer-The unauthorized acquisition of computerized data that compromises the
security, confidentiality, or integrity of personal information maintained by a data collector. Breaches do
not include good faith acquisitions of personal information by an employee or agent of the data
collector for a legitimate purpose of the data collector—provided the personal information is not used
for a purpose unrelated to the data collector's business or subject to further unauthorized disclosure.



Data Controller - answer-someone who determines why and how personal data is processed

, Data Inventory - answer-Also known as a record of authority, identifies personal data as it moves across
various systems and thus how data is shared and organized, and its location. That data is then
categorized by subject area, which identifies inconsistent data versions, enabling identification and
mitigation of data disparities.



Data Life Cycle Management - answer-Also known as information life cycle management (ILM) or data
governance, DLM is a policy-based approach to managing the flow of information through a life cycle
from creation to final disposition. DLM provides a holistic approach to the processes, roles, controls and
measures necessary to organize and maintain data, and has 11 elements: Enterprise objectives;
minimalism; simplicity of procedure and effective training; adequacy of infrastructure; information
security; authenticity and accuracy of one's own records; retrievability; distribution controls;
auditability; consistency of policies; and enforcement.



Data Minimization Principle - answer-The idea that one should only collect and retain that personal data
which is necessary.



Data Protection Authority - answer-Independent public authorities that supervise the application of data
protection laws in the EU.



Data Protection Impact Assessment - answer-The process by which companies can systematically assess
and identify the privacy and data protection impacts of any products they offer and services they
provide.



Data Quality - answer-A comprehensive approach to ensuring the accuracy, validity, and timeliness of
data.



Do Not Track - answer-A proposed regulatory policy, similar to the existing Do Not Call Registry in the
United States, which would allow consumers to opt out of web-usage tracking.



Electronic Communications Privacy Act of 1986 - answer-The collective name of the Electronic
Communications Privacy and Stored Wire Electronic Communications Acts, which updated the Federal
Wiretap Act of 1968. ECPA, as amended, protects wire, oral and electronic communications while those
communications are being made, are in transit, and when they are stored on computers. The act applies
to e-mail, telephone conversations and data stored electronically. The USA PATRIOT Act and subsequent
federal enactments have clarified and updated ECPA in light of the ongoing development of modern

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller TOPDOCTOR. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $10.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

79373 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$10.99
  • (0)
  Add to cart