Your Ultimate Guide to Mastering the CIPP/US Practice Exam 2025: Complete Questions and Accurate Answers for Guaranteed Success! Top Rated Exam Study Guide Latest Updated 2025/2025

Typology: Exams

2024/2025

Available from 06/14/2025

TUTOR2025
Your Ultimate Guide to Mastering the
CIPP/US Practice Exam 2025: Complete
Questions and Accurate Answers for
Guaranteed Success!
Top Rated Exam Study Guide Latest
Updated 2025/2025
In what ways can the enforcement action be brought to the FTC's attention? - ans1. press
reports covering the questionable practices 2. complaints from consumer groups or
competitors
Which agency is responsible for educational privacy? - ansDepartment of Education
What are some of the ways that the FTC has played a prominent role in the development of
US privacy standards? - ansThe FTC conducts public workshops on privacy issues, and
reports on privacy policy and enforcement.
Access - ansThe ability to view personal information held by an organization. This may be
supplemented by allowing updates or corrections to the information. U.S. laws often provide
for "this" and correction when the information is used for any type of substantive decision
making, such as for credit reports.
Americans with Disabilities Act (ADA) - ansBars discrimination against qualified individuals
with disabilities; places restrictions on pre-employment medical screening.
Consumer Financial Protection Bureau (CFPB) - ansHas enforcement power for unfair,
deceptive or abusive acts and practices for financial institutions.
Choice - ansThe ability to specify whether personal information will be collected and/or how
it will be used or disclosed. "It" can be express or implied.
Common Law - ansLegal principles that have developed over time in judicial decisions (case
law), often drawing on social customs and expectations.
Consent Decree - ansA judgment entered by consent of the parties (a federal or state agency
and an adverse party) whereby the defendant agrees to stop alleged illegal activity, typically
without admitting guilt or wrongdoing.
Consumer Reporting Agency (CRA) - ansAny person or entity that compiles or evaluates
personal information for the purpose of furnishing consumer reports to third parties for a fee.
Data Breach - ansThe intentional or unintentional release of secure information to an
untrusted environment.
Data Classification - ansDefines the clearance of individuals who can access or handle a
given set of data, as well as the baseline level of protection that is appropriate for that data.
Deceptive Trade Practices - ansAlong with unfair trade practices, behavior of an organization
that can be enforced against by the FTC.
Defamation - ansAny act or communication intending to harm the reputation of another as to
lower him in the estimation of the community or to deter third persons from associating or
dealing with him.
Electronic Discovery (e-discovery) - ansDiscovery in civil litigation dealing with the
exchange of information in electronic format, often requiring digital forensics analysis.
Electronically Stored Information (ESI) - ansA category of information that can include
e-mail, word-processing documents, server logs, instant messaging transcripts, voicemail
systems, social networking records, thumb drives, or data on SD cards.
Equal Employment Opportunity Commission (EEOC) - ansA federal agency overseeing many laws preventing discrimination in the workplace, including Title VII of the Civil Rights Act, the Age Discrimination in Employment Act of 1967 (ADEA) and Titles I and V of the Americans with Disabilities Act of 1990 (ADA).
Evidentiary Privilege - ansPrivileges limiting or prohibiting disclosure of personal information in the context of investigations and litigation, such as attorney-client privilege.
Fair Credit Reporting Act (FCRA) - ansEnacted in 1970 to regulate the consumer reporting industry and provide privacy rights in consumer reports. "This" mandates accurate and relevant data collection, provides consumers with the ability to access and correct their information, and limits the use of consumer reports to defined permissible purposes.
Federal Trade Commission (FTC) - ansAn independent consumer protection agency governed by a chairman and four other commissioners with the authority to enforce against unfair and deceptive trade practices.
Global Privacy Enforcement Network (GPEN) - ansEstablished in 2010 by the FTC and enforcement authorities from around the world, "it" aims to promote cross-border information sharing as well as investigation and enforcement cooperation among privacy authorities around the world.
Gramm-Leach-Bliley Act (GLBA) - ansAlso known as the Financial Services Modernization Act of 1999, "this" is a United States federal law to control the ways that financial institutions deal with the private information of individuals.
Health Information - ansAny information related to the past, present or future physical or mental condition, provision of health care or payment for health care for a specific individual.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) - ansA U.S. law passed to create national standards for electronic healthcare transactions, among other purposes. Requires the U.S. Department of Health and Human Services to promulgate regulations to protect the privacy and security of personal health information. The basic rule is that patients have to opt-in before their information can be shared with other organizations, although there are important exceptions such as for treatment, payment and healthcare operations.
National Labor Relations Board (NLRB) - ansAn independent agency of the United States government responsible for investigating and remedying unfair labor practices.
National Security Letter (NSL) - ansA category of subpoena generally issued to seek records considered relevant to protect against international terrorism or clandestine intelligence activities.
Negligence - ansThe failure to exercise the care that a reasonably prudent person would exercise in like circumstances, leading to unintended harm.
Notice - ansA description of an organization's information management practices, with the purposes of consumer education and corporate accountability.

Trust Marks - ansDemonstration of compliance with self-regulatory programs by display of a seal, logo, or certification.
Unfair Trade Practices - ansAlong with deceptive trade practices, behavior of an organization that can be enforced against by the FTC.
Authentication - ansThe identification of an individual account user based on a combination of security measures.
Authorization - ansAfter authentication, the process of determining if the end user is permitted to have access to the desired resource, such as the information asset or the information system containing the asset.
Choice and Consent - ansOrganizations should describe the choices available to individuals and should get implicit or explicit consent with respect to the collection, use, retention and disclosure of personal information. Consent is often considered especially important for disclosures of personal information to other data controllers.
Comprehensive Model - ansA method of data protection to govern the collection, use and dissemination of personal information in the public and private sectors, generally with an official or agency responsible for overseeing enforcement.
Confidentiality - ansThe obligation of an individual, organization or business to protect personal information and not misuse or wrongfully disclose that information.
Co-regulatory Model - ansUsed in Australia and New Zealand, this model emphasizes industry development of enforceable codes or standards for privacy and data protection, against the backdrop of legal requirements by the government.
Data Controller - ansAn organization that has the authority to decide how and why personal information is to be processed. The data controller may be an individual or an organization that is legally treated as an individual, such as a corporation or partnership.
Data Processor - ansAn individual or organization, often a third-party outsourcing service, that processes data on behalf of the data controller.
Data Protection Authority (DPA) - ansAn official, or body, who ensures compliance with the law and investigates alleged breaches of the law's provisions.
Data Subject - ansThe individual about whom information is being processed, such as the patient at a medical facility, the employee of a company, or the customer of a retail store.
EU Data Protection Directive - ansThe EU Directive was adopted in 1995 and became effective in 1998 and protects individuals' privacy and personal data use. The Directive recognizes the European view that privacy is a fundamental human right, and establishes a general comprehensive legal framework that is aimed at protecting individuals and promoting individual choice regarding the processing of personal data.
Habeas Data - ansConstitutional guarantees that the citizenry may "have the data" archived about them by governmental and commercial repositories.
Privacy Impact Assessment (PIA) - ansChecklists or tools to ensure that a personal information system is evaluated for privacy risks and designed with life cycle principles in mind. An effective PIA evaluates the sufficiency of privacy practices and policies with respect to legal, regulatory and industry standards, and maintains consistency between policy and practice.
Sectoral Model - ansThis framework protects personal information by enacting laws that address a particular industry sector.
Sensitive Personal Information - ansThat which is more significantly related to the notion of a reasonable expectation of privacy. One's medical or financial information is often considered sensitive personal information (SPI), but other types of personal information might be as well.
Opt In - ansOpt in means an individual actively affirms that information can be shared with third parties (e.g., an individual checks a box stating that she wants her information to go to another organization).
Opt Out - ansOpt out means that, in the absence of action by the individual, information can be shared with third parties (e.g., unless the individual checks a box to opt out, her information can go to another organization).
What are the four phases of privacy program development? - ans1. Discover
  • Issue identification
  • Identify best practices
  • Perform PIA
  2. Build
  • Procedure development and identification
  • Full implementation
  3. Communicate
  • Documentation (Training and Awareness)
  4. Evolve
  • Affirmation and Monitoring
  • Adaptation
What are the elements of data sharing and transfer? - ans1. Data inventory

  • Information security
  1. Due diligence
  • Reputation
  • Financial condition, insurance
  • Information security
  • Point of transfer
  • Disposal
  • Training and user awareness
  • Incident response
Which branch of the U.S. Federal Government makes laws? - ansLegislative
Where is privacy mentioned in the U.S. Constitution? - ansIt's not. Usually privacy falls under the 4th amendment.
What federal agency is the most active in enforcing privacy rights? - ansFTC
How does punishment differ in civil and criminal cases? - ansCivil punishments are compensation such as monetary and injunctive while criminal punishments include fine, incarceration, and death.
When an FTC investigation finds a company guilty of violating privacy, what are its two recourses? - ans1. Administrative trial
  2. Consent decree
What was the basis of the FTC's findings against BJ's Wholesale Club? - ansUnfair practices because private data was not encrypted during transmission
What are the six questions you should ask in understanding a law? - ans1. Who is covered by this law?
  2. What types of information and what uses of information are covered?
  3. What exactly is required and/or prohibited?
  4. Who enforces the law?

  5. What happens if I don't comply?
  6. Why does this law exist?
Define civil litigation - ansDisputes between individuals and/or organizations
Define criminal litigation - ansLegal punishment of criminal offenses
Who initiates civil litigation? - ansPrivate party
Who initiates criminal litigation? - ansGovernment
What is the burden of proof for civil litigation? - ansPreponderance of evidence
What is the burden of proof for criminal litigation? - ansBeyond a reasonable doubt
List the five theories of legal liability - ans1. Negligence - absence of, or failure to exercise, proper or ordinary care.
  2. Breach of Warranty - failure of a seller to fulfill the terms of a promise, claim, or representation.
  3. Misrepresentation - false security about the safety of a particular product.
  4. Defamation - an untruth about another which untruth will harm the reputation of the person defamed (written defamation is libel; oral defamation is slander).
  5. Strict tort liability - extending the responsibility of the vendor or manufacturer to all individuals who might be injured by the product.
What does article 5 of the FTC Act declare unlawful? - ansunfair or deceptive acts or practices in or affecting commerce.
What is Children's Online Privacy Protection Act of 1998 (COPPA)? - ans1. Regulates collection and use of children's information by commercial website operators.
  2. Compels website owners to adhere to specific notice and choice practices.
  3. Applies to websites and services targeted to children under 13.
Who handles the enforcement of COPPA? - ansFTC
Who handles the enforcement of CAN-SPAM? - ansFTC
What does the FTC consider a deceptive practice? - ansSaying one thing and completely going against it
What does the FTC consider an unfair practice? - ansWhen reasonable practices are not being followed
What does the "Consumer Privacy Bill of Rights" emphasize? - ans1. Privacy by Design

  1. Access and accounting of disclosures
  2. Safeguards
  3. Accountability
  4. De-identification
  5. Research
  6. Other exceptions (law enforcement investigations)
What are the elements of the HIPAA Security Rule? - ans1. Confidentiality, integrity and availability of ePHI
  2. Protection against threats to ePHI
  3. No unreasonable uses or disclosures of information not required under the Privacy Rule
Health Information Technology for Economic and Clinical Health, 2009 (HITECH) - ans1. Enacted as a part of the American Recovery and Reinvestment Act of 2009.
  2. Amends HIPAA
  • Regulates personal health records (PHR)
  • Covered entities and PHR vendors must provide breach notification to consumers, HHS and FTC
  • Extends HIPAA safeguard and breach notice requirements to business associates
  • Increased penalties for non-compliance
  • Provides state attorneys general with enforcement authority
The Genetic Information Nondiscrimination Act of 2008 (GINA) - ans1. Addresses potential abuses based on genetic information in the absence of the manifestation of a condition
  2. Amends federal healthcare and employment-related laws
  • ERISA

  • Social Security Act
  • Civil Rights Act
  • Public Service Health Act
  • HIPAA
  3. Empowers government enforcement
  4. Creates review commission in 2014
  5. Applies prohibitions to health insurance providers
The Fair Credit Reporting Act of 1970 (FCRA) - ans1. Accurate and relevant data collection required
  2. Consumers can access and correct information
  3. Limitation on use of credit reports
Who does the FCRA apply to? - ansConsumer Reporting Agencies (CRA)
Who enforces the FCRA and what are the punishments? - ansEnforced by the FTC and state attorneys general and non-compliance leads to civil and criminal penalties and fines
The Fair and Accurate Credit Transactions Act of 2003 (FACTA) - ans1. Amends FCRA, preempting state laws
  2. Requires truncation of credit and debit card numbers
  3. Consumers have rights to explanation of credit score
  4. Free annual credit report
  5. Opt-out for marketing
  6. The Disposal Rule
  7. The Red Flags Rule
The Financial Services Modernization Act of 1999 - "Gramm-Leach-Bliley" (GLBA) - ans1. GLBA Privacy Rule

No Child Left Behind Act 2001 (NCLB) - ans1. Broadened PPRA survey restrictions
  • Enact policies
  • Parental review of surveys prior to use
  • Advance notice
  • Opt out
FTC Telemarketing Sales Rule (TSR) Telephone Consumer Protection Act of 1991 - FCC regulations - ans1. Who can be called?
  • Prohibits calls to cell phones
  • U.S. National Do Not Call Registry
  2. Rules governing calls
  • 8am - 9pm as one example
  3. Call abandonment
  4. Unauthorized billing
  5. Record keeping
  6. Robocall rules (2012)
  7. Does not preempt state law
What is the purpose of the three-branch government design? - ansTo provide a separation of powers with a system of checks and balances among the branches.
What similarities are found between state and federal government? - ansThe three branches are also often found at the state and often the local levels.
What is the legislative branch's make-up? - ansThe legislative branch is made up of elected representatives who write and pass laws. It includes the Congress (House and Senate).
What does the legislative branch do? - ansCongress confirms presidential appointees, and can override vetoes.
What are the duties of the executive branch? - ansThe executive branch's duties are to enforce and administer the law.

Who makes up the executive branch? - ansThe President, Vice President, cabinet, and federal agencies (such as the FTC).
What can the executive branch do? - ansPresident appoints federal judges. It can veto laws passed by Congress.
What can the judicial branch do? - ansThe Judicial branch determines whether the laws are constitutional. It also interprets laws, the meaning of a law, and how it is applied. It can also examine the intent behind a law's creation.
What is the judicial branch? - ansThe Federal Courts.
What two parts make up the U.S. Congress? - ansThe Senate and the House of Representatives (legislative branch)
What can Congress do when enacting legislation? - ansCongress can delegate the power to promulgate regulations to federal agencies (such as the FTC).
What laws has Congress enacted involving the FTC? - ansCongress has enacted several laws that give the U.S. Federal Trade Commission the authority to issue regulations to implement the laws.
Does the executive branch include federal agencies that report directly to the President? - ansYes
What do federal agencies in the executive branch do? - ansThey implement the laws through rule making and enforce the laws through civil and criminal procedures.
What are the lowest courts called in the federal court system (judicial branch)? - ansDistrict Courts. These serve as federal trial courts.
Cases decided by a district court can be referred to what? - ansA federal appellate court (also called a "circuit court").
What do federal circuit courts do? - ansThey are not trial courts; they serve as appeals courts for federal cases.
The federal appeals courts are divided into how many circuits? - ans12 regional circuits; each district court is assigned to an appeals court which decides the appeals for that circuit.
What are the other federal courts called? - ansSpecial courts include the U.S. Court of Federal Claims and the U.S. Tax Court.
What is the top court in the judicial branch? - ansThe U.S. Supreme Court.
What does the U.S. Supreme Court do? - ansHears appeals from the circuit courts and decides questions of federal law; also interprets the U.S. Constitution. May also hear appeals from the highest state courts or function as a trial court in rare instances.
In what circumstances do federal agencies wield power that is characteristic of all three branches of government? - ansWhen they are given authority by Congress to promulgate and enforce rules pursuant to law. This means they operate under statutes that give them legislative power to issue rules, executive power to investigate and enforce violations of rules/statutes, and judicial power to settle particular disputes.

What regulatory agencies are required by law to issue regulations and rules? - ansFTC (Federal Trade Commission) or the FCC (Federal Communications Commission).
In what year was the CAN-SPAM Act passed? - ans2003.
Which entity passed the CAN-SPAM Act? - ansU.S. Congress.
What does the CAN-SPAM Act require? - ansCAN-SPAM Act requires the senders of commercial e-mail messages to offer an "opt-out" option to recipients of those messages.
Which agencies enforce the CAN-SPAM Act? - ansFTC and FCC.
What does the CAN-SPAM Act allow the FTC and FCC to do? - ansIt provides the FTC and the FCC with the authority to issue regulations that set forth exactly how the opt-out mechanism must be offered and managed.
What is case law? - ansCase law refers to the final decisions made by judges in court cases.
How is case law utilized by the courts? - ansWhen similar issues arise in the future, judges look to past decisions as precedents and decide the new case in a manner consistent with past decisions.
What is stare decisis? - ansIt refers to a following of past precedent; stare decisis is a Latin term meaning "to let the decision stand."
How do precedents handle the passing of time? - ansAs time passes, precedents often change to reflect technological and societal changes in values and laws.
What are common law's rules in regards to privacy? - ansCommon law upholds special privilege rules, even in the absence of statutes protecting that confidentiality.
Name two special privilege rules. - ans1. Doctor-patient privilege 2. attorney-client confidentiality.
Does a consent decree typically admit guilt or wrongdoing? - ansNo.
How are the courts involved in a consent decree? - ansThe document is approved by a judge.
What does a consent decree accomplish? - ansIt formalizes an agreement reached between a federal or state agency and an adverse party.
What are the contents of the consent decree? - ansIt describes the actions that the defendant will take and the decree may be subject to a public comment period.
How much power does a consent decree hold? - ansOnce approved, the consent decree has the effect of a court decision.
In what area has the FTC entered into numerous consent decrees with companies as a result of alleged violations of privacy laws? - ansCOPPA has allowed for several consent decrees, which require violators to pay money to the government and agree not to violate the relevant law in the future.
What services do federal agencies provide? - ans1. promulgate rules and enforce them; 2. provide guidance in the form of opinions.
How are agency opinions interpreted and used? - ansThey do not carry the weight of law, but do give specific guidance to interested parties trying to interpret agency rules and regulations.

What provisions might a privacy contract contain? - ansdata usage, data security, breach notification, jurisdiction, and damages. (A contract b/w an EU company and a US data processor might include provision requiring US co to be safe harbor certified/abide by framework)
True/false: Every agreement is a legally binding contract. - ansFalse. There are three fundamental requirements for forming a binding contract.
What are the three factors required to form a contract? - ansOffer, Acceptance, Consideration.
Which terms of the offer must be specific and definite? - ansPrice, quantity, and description.
What ends the original offer? - ansA counteroffer.
What actions must be taken with an offer for it to qualify to form a contract? - ansThe offer must be communicated to another person and remain open until it is accepted, rejected, retracted or has expired.
What is acceptance? - ansThe assent or agreement by the person to whom the offer was made that the offer is accepted.
What requirements must the acceptance meet? - ansThe acceptance must comply with the terms of the offer and must be communicated to the person who proposed the deal.
What is the bargained-for exchange? - ansConsideration.
What is consideration? - ansThe legal benefit received by one person and the legal detriment imposed on the other person.
True/False: An agreement without consideration is not a contract. - ansTrue.
When may a privacy notice constitute a contract? - ansIf a consumer provides data to a company based on the company's promise to use the data in accordance with the terms of the notice.
What are the goals of tort law? - ansa. provide relief for damages incurred; b. deter others from committing the same wrongs.
What are the three tort categories? - ansIntentional torts, negligent torts, and strict liability torts.
When did the concept of a personal privacy tort enter U.S. jurisprudence? - ansThe late 1890s.
What are some current privacy torts? - ansa. intrusion on seclusion; b. public revelation of private facts; c. interfering with a person's right to publicity; d. casting a person in a false light.
What is a defense to some of the traditional privacy torts? - ansThe speaker is exercising free speech rights under the First Amendment.
What are some other, more recent, privacy-related torts considered by courts? - ansAllegations that a company was negligent for failing to provide adequate safeguards for PI, thus causing harm due to disclosure of the data. Lack of adequate safeguards therefore may expose a company to damages under tort law.
What two areas of the case must the court have jurisdiction over? - ans1. subject matter jurisdiction 2. personal jurisdiction

At the federal level, which agencies engage in regulatory activities concerning the private sector? - ansFTC, federal banking regulatory agencies (Consumer Financial Protection Bureau, Federal Reserve, Office of the Comptroller of the Currency), the FCC, DOT, Dept. of Health and Human Services through its Office for Civil Rights.
What role does the Department of Commerce play in privacy? - ansThe DOC doesn't have regulatory authority for privacy, but often plays a role in privacy policy for the executive branch.
What authority does the FTC have re: privacy in the private sector? - ansGeneral authority to enforce against "unfair and deceptive trade practices."
In which areas does the FTC have specific regulatory authority? - ans1. marketing communications; 2. children's privacy
Who brings privacy-related enforcement actions at the state level? - ansState Attorneys General
On what basis are state privacy enforcement actions brought? - anspursuant to state laws prohibiting unfair and deceptive practices.
What role does the State Attorney General serve? - ansServes as the chief legal advisor to the state government and as the state's chief law enforcement officer
Which states have successfully pursued privacy actions related to unfair and deceptive practices? - ansMinnesota and Washington.
Give examples of self-regulatory regimes. - ansNetwork Advertising Initiative, Direct Marketing Association, Children's Advertising Review Unit.
True/false: some trade associations issue rules or codes of conduct for members. - ansTrue.
Give an example of a regulatory setting where government-created rules expect companies to sign up for self-regulatory oversight. - ansThe Safe Harbor for companies that transfer personal information from the EU to the US.
What are some reasons for knowing a law's scope when you don't have to follow it? - ans1. the law may suggest good practices that you want to emulate 2. it may provide an indication of legal trends 3. it may provide a proven way to achieve a particular result (i.e. protecting individuals in a given situation)
Give an example of a time when the costs of compliance with a law might exceed the risks of noncompliance for a period of time. - ansIf a system is not appropriately compliant with a new law, but is going to be replaced in a few months, a company may decide that the risks of noncompliance outweigh the costs and risk of trying to accelerate the system transition.
In which state was the first security breach notification law enacted? - ansCalifornia.
What does the CA law regulate? - ansThe CA Data Breach Notification Law regulates entities that do business in CA and that own or license computerized data, including PI.
To whom does the CA law apply? - ansIt applies to natural persons, legal persons, and government agencies.


True/false: if you do business only in Montana or NY, you are still subject to this CA law. - ansFalse
Even if you do business in CA, what is required for this law to apply to you? - ansYou must have computerized data.
What does the CA data breach law cover? - ansIt regulates computerized PI of CA residents.
What is PI? - ansPersonal information - an individual's name in combination with any one or more of (1) SSN, (2) CA identification card number, (3) Driver's License number, (4) financial account number or credit or debit card number in combination with any required security code, access code or password that would permit access to an individual's financial account, when either the name or the data elements are not encrypted.
True/False: If your databases contain only names and addresses, you are not subject to the CA law. - ansTrue.
True/False: If your database contains only encrypted information, you are not subject to the CA law. - ansTrue.
What does the CA Data Breach Notification law require or prohibit? - ansIt requires you to disclose any breach of system security to any resident of CA whose unencrypted personal information was or is reasonably believed to have been acquired by an unauthorized person.
Define "breach of the security of the system". - ansUnauthorized acquisition of computerized data that compromises the security, confidentiality or integrity of personal information maintained by the person.
How must disclosure be carried out? - ansThe disclosure must be made "in as expedient a manner as possible."
What is the exception to the CA law? - ansThere is an exception for the good faith acquisition of PI by an employee or agent of the business, provided the PI is not used or subject to further unauthorized disclosure.
When is a delay in providing notice permissible? - ansWhen a delay is requested by law enforcement.
Who enforces the CA law? - ansThe CA Attorney General enforces the law.
True/false: the law provides for a private cause of action. - ansTrue.
What happens if one doesn't comply with the CA law? - ansThe CA attorney general or any citizen can file a civil lawsuit against you, seeking damages and forcing you to comply.
Why does the CA data notification law exist? - ansSB 1386 was enacted because there is a fear that security breaches of computerized databases cause identity theft and individuals should be notified about the breach so that they can take steps to protect themselves. If you have a security breach that puts people at real risk of identity theft, you should consider notifying them even if you are not subject to this law.
What is the FTC? - ansThe Federal Trade Commission is an independent agency governed by a chairman and four other commissioners.