IAPP CIPM Certified Information Privacy Manager Study Guide
By Mike Chapple and Joe Shelley
About this ebook
An essential resource for anyone preparing for the CIPM certification exam and a career in information privacy
As cybersecurity and privacy become ever more important to the long-term viability and sustainability of enterprises in all sectors, employers and professionals are increasingly turning to IAPP’s trusted and recognized Certified Information Privacy Manager qualification as a tried-and-tested indicator of information privacy management expertise.
In IAPP CIPM Certified Information Privacy Manager Study Guide, a team of dedicated IT and privacy management professionals delivers an intuitive roadmap to preparing for the CIPM certification exam and for a new career in the field of information privacy. Make use of pre-assessments, the Exam Essentials feature, and chapter review questions with detailed explanations to gauge your progress and determine where you’re proficient and where you need more practice.
In the book, you’ll find coverage of every domain tested on the CIPM exam and those required to succeed in your first—or your next—role in a privacy-related position. You’ll learn to develop a privacy program and framework, as well as manage the full privacy program operational lifecycle, from assessing your organization’s needs to responding to threats and queries.
The book also includes:
- A head-start to obtaining an in-demand certification used across the information privacy industry
- Access to essential information required to qualify for exciting new career opportunities for those with a CIPM credential
- Access to the online Sybex learning environment, complete with two additional practice tests, chapter review questions, an online glossary, and hundreds of electronic flashcards for efficient studying
An essential blueprint for success on the CIPM certification exam, IAPP CIPM Certified Information Privacy Manager Study Guide will also ensure you hit the ground running on your first day at a new information privacy-related job.
IAPP CIPM Certified Information Privacy Manager Study Guide - Mike Chapple
IAPP® CIPM
Certified Information Privacy Manager
Study Guide
Mike Chapple, Ph.D., CIPP/US, CIPM
Joe Shelley, CIPP/US, CIPM
Copyright © 2023 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada and the United Kingdom.
ISBN: 978-1-394-15380-0
ISBN: 978-1-394-16006-8 (ebk.)
ISBN: 978-1-394-15381-7 (ebk.)
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permission.
Trademarks: WILEY, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. IAPP and CIPM are registered trademarks or service marks of the International Association of Privacy Professionals, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.
Library of Congress Control Number: 2022951786
Cover image: © Jeremy Woodhouse/Getty Images
Cover design: Wiley
Acknowledgments
Even though only the authors' names appear on the front cover, the production of a book is a collaborative effort involving a huge team. Wiley always brings a top-notch collection of professionals to the table, and that makes the work of authors so much easier.
In particular, we'd like to thank Jim Minatel, our acquisitions editor. Jim is a consummate professional, and it is an honor and a privilege to continue to work with him on yet another project. Here's to many more!
We also greatly appreciated the editing and production team for the book, including Kristi Bennett, our project editor, who brought great talent to the project. Our technical editors, Joanna Grama and John Bruggeman, provided indispensable insight and expertise. This book would not have been the same without their valuable contributions. Magesh Elangovan, our production editor, guided us through layouts, formatting, and final cleanup to produce a great book. We would also like to thank the many behind-the-scenes contributors, including the graphics, production, and technical teams who made the book and companion materials into a finished product.
Our agent, Carole Jelen of Waterside Productions, continues to provide us with wonderful opportunities, advice, and assistance throughout our writing careers.
Finally, we would like to thank our families, who supported us through the late evenings, busy weekends, and long hours that a book like this requires to write, edit, and get to press.
About the Authors
Mike Chapple, Ph.D., CIPM, CIPP/US, CISSP, is the author of the best-selling CISSP (ISC)² Certified Information Systems Security Professional Official Study Guide (Sybex, 9th edition, 2021) and the CISSP (ISC)² Official Practice Tests (Sybex, 3rd edition, 2021). He is an information security professional with two decades of experience in higher education, the private sector, and government.
Mike currently serves as a teaching professor in the IT, Analytics, and Operations Department at the University of Notre Dame's Mendoza College of Business, where he teaches undergraduate and graduate courses on cybersecurity, data management, and business analytics.
Before returning to Notre Dame, Mike served as executive vice president and chief information officer of the Brand Institute, a Miami-based marketing consultancy. Mike also spent four years in the information security research group at the National Security Agency and served as an active duty intelligence officer in the U.S. Air Force.
Mike is technical editor for Information Security Magazine and has written more than 35 books. He earned both his B.S. and Ph.D. degrees from Notre Dame in computer science and engineering. Mike also holds an M.S. in computer science from the University of Idaho and an MBA from Auburn University. Mike holds the Certified Information Privacy Manager (CIPM), Certified Information Privacy Professional/US (CIPP/US), Cybersecurity Analyst+ (CySA+), Security+, Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), and Certified Information Systems Security Professional (CISSP) certifications.
Learn more about Mike and his other security and privacy certification materials at his website, CertMike.com.
Joe Shelley, M.A., CIPM, CIPP/US, is a leader in higher education information technologies. He is currently the vice president for Libraries and Information Technology at Hamilton College in New York. In his role, Joe oversees central IT infrastructure, enterprise systems, information security and privacy programs, IT risk management, business intelligence and analytics, institutional research and assessment, data governance, and overall technology strategy. Joe also directs the Library and Institutional Research. In addition to supporting the teaching and research mission of the college, the library provides education in information sciences, digital and information literacy, and information management.
Before joining Hamilton College, Joe served as the chief information officer at the University of Washington Bothell in the Seattle area. During his 12 years at UW Bothell, Joe was responsible for learning technologies, data centers, web development, enterprise applications, help desk services, administrative and academic computing, and multimedia production. He implemented the UW Bothell information security program, cloud computing strategy, and IT governance, and he developed new initiatives for supporting teaching and learning, faculty research, and e-learning.
Joe earned his bachelor's degree in interdisciplinary arts and sciences from the University of Washington and his master's degree in educational technology from Michigan State University. Joe has held certifications and certificates for CIPM, CIPP/US, ITIL, project management, and Scrum.
Introduction
If you're preparing to take the Certified Information Privacy Manager (CIPM) exam, you'll undoubtedly want to find as much information as you can about privacy. The more information you have at your disposal and the more hands-on experience you gain, the better off you'll be when attempting the exam. We wrote this study guide with that in mind. The goal was to provide enough information to prepare you for the test—but not so much that you'll be overloaded with information that's outside the scope of the exam.
We've included review questions at the end of each chapter to give you a taste of what it's like to take the exam. If you're already working in the privacy field, we recommend that you check out these questions first to gauge your level of expertise. You can then use the book mainly to fill in the gaps in your current knowledge. This study guide will help you round out your knowledge base before tackling the exam.
If you can answer 90 percent or more of the review questions correctly for a given chapter, you can feel safe moving on to the next chapter. If you're unable to answer that many correctly, reread the chapter and try the questions again. Your score should improve.
Don't just study the questions and answers! The questions on the actual exam will be different from the practice questions included in this book. The exam is designed to test your knowledge of a concept or objective, so use this book to learn the objectives behind the questions.
The CIPM Exam
The CIPM certification is designed to be the gold standard credential for privacy professionals who are either currently working in management roles or aspire to become leaders in the field. It is offered by the International Association of Privacy Professionals (IAPP) and complements its suite of geographic-based privacy professional certifications.
The exam covers six major domains of privacy knowledge:
Developing a Privacy Program
Privacy Program Framework
Privacy Operational Life Cycle: Assess
Privacy Operational Life Cycle: Protect
Privacy Operational Life Cycle: Sustain
Privacy Operational Life Cycle: Respond
These six areas include a range of topics, from building a privacy program to understanding the full privacy operational life cycle. You'll find that the exam focuses heavily on scenario-based learning. For this reason, you may find the exam easier if you have some real-world privacy experience, although many individuals pass the exam before moving into their first privacy role.
The CIPM exam consists of 90 multiple-choice questions administered during a 150-minute exam period. Each of the exam questions has four possible answer options. Exams are scored on a scale ranging from 100 to 500, with a minimum passing score of 300. Every exam item is weighted equally, but the passing score is determined using a secret formula, so you won't know exactly what percentage of questions you need to answer correctly in order to pass.
Exam Tip
There is no penalty for answering questions incorrectly. A blank answer and an incorrect answer have equal weight. Therefore, you should fill in an answer for every question, even if it is a complete guess!
IAPP charges $550 for your first attempt at the CIPM exam and then $375 for retake attempts if you do not pass on the first try. More details about the CIPM exam and how to take it can be found in the IAPP Candidate Certification Handbook at http://iapp.org/certify/candidate-handbook.
You should also know that certification exams are notorious for including vague questions. You might see a question for which two of the possible four answers are correct—but you can choose only one. Use your knowledge, logic, and intuition to choose the best answer and then move on. Sometimes, the questions are worded in ways that would make English majors cringe—a typo here, an incorrect verb there. Don't let this frustrate you; answer the question and move on to the next one.
Certification providers often use a process called item seeding, which is the practice of including unscored questions on exams. They do this as part of the process of developing new versions of the exam. So, if you come across a question that does not appear to map to any of the exam objectives—or for that matter, does not appear to belong in the exam—it is likely a seeded question. You never really know whether or not a question is seeded, however, so always make your best effort to answer every question.
Taking the Exam
Once you are fully prepared to take the exam, you can visit the IAPP website to purchase your exam voucher:
http://iapp.org/store/certifications
IAPP partners with Pearson VUE's testing centers, so your next step will be to locate a testing center near you. In the United States, you can do this based on your address or your ZIP code, while non-U.S. test takers may find it easier to enter their city and country. You can search for a test center near you at the Pearson VUE website, where you will need to navigate to Find a test center.
http://home.pearsonvue.com/iapp
In addition to the live testing centers, you may also choose to take the exam at your home or office through Pearson VUE's OnVUE service. More information about this program is available here:
http://home.pearsonvue.com/iapp/onvue
Now that you know where you'd like to take the exam, simply set up a Pearson VUE testing account and schedule an exam. One important note: Once you purchase your exam on the IAPP website, you have one year to register for and take the exam before your registration will expire. Be sure not to miss that deadline!
On the day of the test, take two forms of identification, and make sure to show up with plenty of time before the exam starts. Remember that you will not be able to take your notes, electronic devices (including smartphones and watches), or other materials into the exam with you.
Exam policies can change from time to time. We highly recommend that you check both the IAPP and Pearson VUE sites for the most up-to-date information when you begin your preparation, when you register, and again a few days before your scheduled exam date.
After the CIPM Exam
Once you have taken the exam, you will be notified of your score immediately, so you'll know if you passed the test right away. You should keep track of your score report with your exam registration records and the email address you used to register for the exam.
Maintaining Your Certification
IAPP certifications must be renewed periodically. To renew your certification, you must either maintain a paid IAPP membership or pay a $250 non-member renewal fee. You must also demonstrate that you have successfully completed 20 hours of continuing professional education (CPE).
IAPP provides information on the CPE process via its website at
http://iapp.org/certify/cpe
What Does This Book Cover?
This book covers everything you need to know to pass the CIPM exam.
Chapter 1: Developing a Privacy Program
Chapter 2: Privacy Program Framework
Chapter 3: Privacy Operational Life Cycle: Assess
Chapter 4: Privacy Operational Life Cycle: Protect
Chapter 5: Privacy Operational Life Cycle: Sustain
Chapter 6: Privacy Operational Life Cycle: Respond
Appendix: Answers to Review Questions
Study Guide Elements
This study guide uses a number of common elements to help you prepare. These include the following:
Summaries The summary section of each chapter briefly explains the chapter, allowing you to easily understand what it covers.
Exam Essentials The Exam Essentials focus on major exam topics and critical knowledge that you should take into the test. The Exam Essentials focus on the exam objectives provided by IAPP.
Chapter Review Questions A set of questions at the end of each chapter will help you assess your knowledge and whether you are ready to take the exam based on your knowledge of that chapter's topics.
Additional Study Tools
This book comes with a number of additional study tools to help you prepare for the exam. They include the following:
Go to www.wiley.com/go/Sybextestprep to register your book to receive your unique PIN, and then once you receive the PIN by email, return to www.wiley.com/go/Sybextestprep and register a new account or add this book to an existing account. After adding the book, if you do not see it in your account, please refresh the page or log out and log back in.
Sybex Online Learning Environment
Sybex's online learning environment software lets you prepare with electronic test versions of the review questions from each chapter and the practice exams that are included in this book. You can build and take tests on specific domains, by chapter, or cover the entire set of CIPM exam objectives using randomized tests.
Electronic Flashcards
Our electronic flashcards are designed to help you prepare for the exam. Over 100 flashcards will ensure that you know critical terms and concepts.
Glossary of Terms
Sybex provides a full glossary of terms in PDF format, allowing quick searches and easy reference to materials in this book.
Practice Exams
In addition to the practice questions for each chapter, this book includes two full 90-question practice exams. We recommend that you use them both to test your preparedness for the certification exam.
Like all exams, the CIPM certification from IAPP is updated periodically and may eventually be retired or replaced. At some point after IAPP is no longer offering this exam, the old editions of our books and online tools will be retired. If you have purchased this book after the exam was retired, or are attempting to register in the Sybex online learning environment after the exam was retired, please know that we make no guarantees that this exam’s online Sybex tools will be available once the exam is no longer available.
CIPM Exam Objectives
IAPP goes to great lengths to ensure that its certification programs accurately reflect the privacy profession's best practices. They also publish ranges for the number of questions on the exam that will come from each domain. The following table lists the six CIPM domains and the extent to which they are represented on the exam.
CIPM Certification Exam Objective Map
The objective mapping below takes each of the learning objectives found in the IAPP body of knowledge v3.0 and identifies where in the book you will find coverage of each objective.
IAPP occasionally makes minor adjustments to the exam objectives. Please be certain to check their website for any recent changes that might affect your exam experience.
How to Contact the Publisher
If you believe you have found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur. In order to submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line Possible Book Errata Submission.
Assessment Test
Max is a freelance database specialist operating in Spain. He helps companies organize their data and clean up legacy databases. From a legal perspective, what role is Max playing when it comes to handling personal information?
Data processor
Business associate
Data controller
Data manager
Adrian is reviewing a new application that will be used by his organization to gather health information from customers. The application is now in testing and about to be released into production. After his review, Adrian realizes that the way the software is implemented is not compliant with the organization's HIPAA obligations. What is the root cause of this issue?
Failure to use strong encryption
Failure to integrate privacy into the SDLC
Failure to incorporate customer requirements
Failure to minimize data collection
NIST provides an example of which of the following?
Industry self-regulatory framework
Privacy regulation
Privacy program framework
Core privacy principles
Which of the following factors is not a primary consideration when developing a privacy program framework?
Compliance with applicable regulations
Scope and scale of the organization's data processing
Technological infrastructure for data storage and protection
Alignment with business objectives
Lena runs a mid-sized data analytics company in Paris. She is considering moving her databases to a cloud computing solution. What is she required to do first?
Consult her DPA.
Conduct a vendor assessment.
Conduct a PIA.
Conduct a DPIA.
A graph that shows a decrease in privacy incidents over time is an example of which of the following?
Statistical analysis
Compliance metric
Performance target
Trend analysis
David is an IT professional responsible for applying, monitoring, and maintaining access controls to a filesystem containing sensitive information used by the human resources department. He works closely with the management of that department to identify appropriate permissions. What term best describes David's role in relation to this data?
Data custodian
Data steward
Data owner
Data subject
Harold recently completed leading the postmortem review of a privacy incident. What documentation should he prepare next?
Remediation list
Risk assessment
Lessons-learned document
Mitigation checklist
Tamara is a cybersecurity analyst for a private business that is suffering a security breach. She believes the attackers have compromised a database containing sensitive information. Which one of the following activities should be Tamara's first priority?
Identification of the source of the attack
Containment
Remediation
Recovery
Brianna is reviewing the dataflows for one of her organization's information systems and discovers that records are not destroyed when they are no longer needed. What privacy by design principle is most directly violated?
Full functionality
End-to-end security
Privacy embedded into design
Visibility and transparency
Sally is a new privacy manager at an accounting firm. She decides to get started by evaluating the privacy program currently in place. She notes that processes are well documented and there is a written privacy policy. When she asks for records of the last privacy program review, she learns that the privacy program performance is managed "on the go and in real time." If employees find problems with the program, they fix them, so formal reviews and feedback processes just haven't seemed necessary. Since there doesn't seem to be much of a program assessment process in place, where should Sally start?
Initiate tabletop drills.
Request a program audit to measure performance.
Ensure that the training and awareness programs include the need to periodically review procedures.
Establish the program's baseline performance.
Xavier is a data custodian responsible for maintaining databases with sensitive information, including Social Security numbers. He would like to protect those SSNs from prying eyes but will need to be able to retrieve the original value on occasion. What data protection technique would be most appropriate for his use?
Redaction
Tokenization
Masking
Hashing
Conducting audits is most closely associated with which part of the privacy operational life cycle?
Respond
Sustain
Assess
Protect
Paula is a privacy manager at a data management company. She has well documented procedures for executing PIAs when required, but she keeps hearing about planned changes to IT systems when it's almost too late for a PIA. What part of the privacy operational life cycle might help Paula fix this problem?
Compliance monitoring
Monitoring regulatory changes
IT audit
Monitoring the environment
Marco owns an electronics store in Barcelona, and he's interested in hiring a contractor to help build and manage a new customer database and help him dive into the world of online sales. Marco would prefer an individual contractor to a larger agency so that he can develop a strong relationship with someone who really learns about his business. Thanks to modern cloud technology, Marco thinks that a single individual will be able to do the job just as well as