{"id":83023,"date":"2024-07-05T03:00:06","date_gmt":"2024-07-05T03:00:06","guid":{"rendered":"https:\/\/www.dumpsbase.com\/freedumps\/?p=83023"},"modified":"2025-09-22T06:45:34","modified_gmt":"2025-09-22T06:45:34","slug":"most-current-cipm-dumps-v12-02-prepare-for-the-iapp-certified-information-privacy-manager-cipm-exam-by-using-the-latest-dumps","status":"publish","type":"post","link":"https:\/\/www.dumpsbase.com\/freedumps\/most-current-cipm-dumps-v12-02-prepare-for-the-iapp-certified-information-privacy-manager-cipm-exam-by-using-the-latest-dumps.html","title":{"rendered":"Most Current CIPM Dumps (V12.02) &#8211; Prepare for the IAPP Certified Information Privacy Manager (CIPM) Exam by Using the Latest Dumps"},"content":{"rendered":"\r\n<p>You can choose a reliable study guide to prepare for your IAPP Certified Information Privacy Manager (CIPM) certification exam. Today, you can get the most current CIPM dumps (V12.02) from DumpsBase as the preparation materials. The professional team has collected 180 practice exam questions and answers, which can significantly enhance your IAPP Certified Information Privacy Manager (CIPM) exam preparation process. All these updated CIPM exam questions with precise answers are verified by a team of professionals, ensuring that they closely mirror the actual exam content. By covering every topic, our updated CIPM dumps (V12.02) make the IAPP CIPM certification exam easier for you to understand and memorize crucial information. DumpsBase offers IAPP CIPM dumps (V12.02) with actual questions and answers that help you practice effectively for the IAPP Certified Information Privacy Manager (CIPM) certification exam.<\/p>\r\n<h2>IAPP Certified Information Privacy Manager (CIPM) Dumps Updated &#8211; <em><span style=\"background-color: #00ffff;\">Read CIPM Free Dumps Below<\/span><\/em><\/h2>\r\n<script>\n\t  window.fbAsyncInit = function() {\n\t    FB.init({\n\t      appId            : '622169541470367',\n\t      autoLogAppEvents : true,\n\t      xfbml            : true,\n\t      version          : 'v3.1'\n\t    });\n\t  };\n\t\n\t  (function(d, s, id){\n\t     var js, fjs = d.getElementsByTagName(s)[0];\n\t     if (d.getElementById(id)) {return;}\n\t     js = d.createElement(s); js.id = id;\n\t     js.src = \"https:\/\/connect.facebook.net\/en_US\/sdk.js\";\n\t     fjs.parentNode.insertBefore(js, fjs);\n\t   }(document, 'script', 'facebook-jssdk'));\n\t<\/script><script type=\"text\/javascript\" >\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \nif(!window.jQuery) alert(\"The important jQuery library is not properly loaded in your site. Your WordPress theme is probably missing the essential wp_head() call. You can switch to another theme and you will see that the plugin works fine and this notice disappears. If you are still not sure what to do you can contact us for help.\");\n});\n<\/script>  \n  \n<div  id=\"watupro_quiz\" class=\"quiz-area single-page-quiz\">\n<p id=\"submittingExam8779\" style=\"display:none;text-align:center;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\"><\/p>\n\n<div class=\"watupro-exam-description\" id=\"description-quiz-8779\"><\/div>\n\n<form action=\"\" method=\"post\" class=\"quiz-form\" id=\"quiz-8779\"  enctype=\"multipart\/form-data\" >\n<div class='watu-question ' id='question-1' style=';'><div id='questionWrap-1'  class='   watupro-question-id-342084'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>1. <\/span>What is the best way to understand the location, use and importance of personal data within an organization?<\/div><input type='hidden' name='question_id[]' id='qID_1' value='342084' \/><input type='hidden' id='answerType342084' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342084[]' id='answer-id-1338221' class='answer   answerof-342084 ' value='1338221'   \/><label for='answer-id-1338221' id='answer-label-1338221' class=' answer'><span>By analyzing the data inventory.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342084[]' id='answer-id-1338222' class='answer   answerof-342084 ' value='1338222'   \/><label for='answer-id-1338222' id='answer-label-1338222' class=' answer'><span>By testing the security of data systems.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342084[]' id='answer-id-1338223' class='answer   answerof-342084 ' value='1338223'   \/><label for='answer-id-1338223' id='answer-label-1338223' class=' answer'><span>By evaluating methods for collecting data.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342084[]' id='answer-id-1338224' class='answer   answerof-342084 ' value='1338224'   \/><label for='answer-id-1338224' id='answer-label-1338224' class=' answer'><span>By interviewing employees tasked with data entry.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-2' style=';'><div id='questionWrap-2'  class='   watupro-question-id-342085'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>2. <\/span>What are you doing if you succumb to &quot;overgeneralization&quot; when analyzing data from metrics?<\/div><input type='hidden' name='question_id[]' id='qID_2' value='342085' \/><input type='hidden' id='answerType342085' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342085[]' id='answer-id-1338225' class='answer   answerof-342085 ' value='1338225'   \/><label for='answer-id-1338225' id='answer-label-1338225' class=' answer'><span>Using data that is too broad to capture specific meanings.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342085[]' id='answer-id-1338226' class='answer   answerof-342085 ' value='1338226'   \/><label for='answer-id-1338226' id='answer-label-1338226' class=' answer'><span>Possessing too many types of data to perform a valid analysis.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342085[]' id='answer-id-1338227' class='answer   answerof-342085 ' value='1338227'   \/><label for='answer-id-1338227' id='answer-label-1338227' class=' answer'><span>Using limited data in an attempt to support broad conclusions.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342085[]' id='answer-id-1338228' class='answer   answerof-342085 ' value='1338228'   \/><label for='answer-id-1338228' id='answer-label-1338228' class=' answer'><span>Trying to use several measurements to gauge one aspect of a program.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-3' style=';'><div id='questionWrap-3'  class='   watupro-question-id-342086'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>3. <\/span>In addition to regulatory requirements and business practices, what important factors must a global privacy strategy consider?<\/div><input type='hidden' name='question_id[]' id='qID_3' value='342086' \/><input type='hidden' id='answerType342086' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342086[]' id='answer-id-1338229' class='answer   answerof-342086 ' value='1338229'   \/><label for='answer-id-1338229' id='answer-label-1338229' class=' answer'><span>Monetary exchange.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342086[]' id='answer-id-1338230' class='answer   answerof-342086 ' value='1338230'   \/><label for='answer-id-1338230' id='answer-label-1338230' class=' answer'><span>Geographic features.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342086[]' id='answer-id-1338231' class='answer   answerof-342086 ' value='1338231'   \/><label for='answer-id-1338231' id='answer-label-1338231' class=' answer'><span>Political history.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342086[]' id='answer-id-1338232' class='answer   answerof-342086 ' value='1338232'   \/><label for='answer-id-1338232' id='answer-label-1338232' class=' answer'><span>Cultural norms.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-4' style=';'><div id='questionWrap-4'  class='   watupro-question-id-342087'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>4. <\/span>What have experts identified as an important trend in privacy program development?<\/div><input type='hidden' name='question_id[]' id='qID_4' value='342087' \/><input type='hidden' id='answerType342087' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342087[]' id='answer-id-1338233' class='answer   answerof-342087 ' value='1338233'   \/><label for='answer-id-1338233' id='answer-label-1338233' class=' answer'><span>The narrowing of regulatory definitions of personal information.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342087[]' id='answer-id-1338234' class='answer   answerof-342087 ' value='1338234'   \/><label for='answer-id-1338234' id='answer-label-1338234' class=' answer'><span>The rollback of ambitious programs due to budgetary restraints.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342087[]' id='answer-id-1338235' class='answer   answerof-342087 ' value='1338235'   \/><label for='answer-id-1338235' id='answer-label-1338235' class=' answer'><span>The movement beyond crisis management to proactive prevention.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342087[]' id='answer-id-1338236' class='answer   answerof-342087 ' value='1338236'   \/><label for='answer-id-1338236' id='answer-label-1338236' class=' answer'><span>The stabilization of programs as the pace of new legal mandates slows.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-5' style=';'><div id='questionWrap-5'  class='   watupro-question-id-342088'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>5. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Manasa is a product manager at Omnipresent Omnimedia, where she is responsible for leading the development of the company's flagship product, the Handy Helper. The Handy Helper is an application that can be used in the home to manage family calendars, do online shopping, and schedule doctor appointments. After having had a successful launch in the United States, the Handy Helper is about to be made available for purchase worldwide. <br \/>\r<br>The packaging and user guide for the Handy Helper indicate that it is a &quot;privacy friendly&quot; product suitable for the whole family, including children, but does not provide any further detail or privacy notice. In order to use the application, a family creates a single account, and the primary user has access to all information about the other users. Upon start up, the primary user must check a box consenting to receive marketing emails from Omnipresent Omnimedia and selected marketing partners in order to be able to use the application. <br \/>\r<br>Sanjay, the head of privacy at Omnipresent Omnimedia, was working on an agreement with a European distributor of Handy Helper when he fielded many Questions about the product from the distributor. Sanjay needed to look more closely at the product in order to be able to answer the Questions as he was not involved in the product development process. <br \/>\r<br>In speaking with the product team, he learned that the Handy Helper collected and stored all of a user's sensitive medical information for the medical appointment scheduler. In fact, all of the user's information is stored by Handy Helper for the additional purpose of creating additional products and to analyze usage of the product. This data is all stored in the cloud and is encrypted both during transmission and at rest. <br \/>\r<br>Consistent with the CEO's philosophy that great new product ideas can come from anyone, all Omnipresent Omnimedia employees have access to user data under a program called Eureka. Omnipresent Omnimedia is hoping that at some point in the future, the data will reveal insights that could be used to create a fully automated application that runs on artificial intelligence, but as of yet, Eureka is not well-defined and is considered a long-term goal. <br \/>\r<br>What step in the system development process did Manasa skip?<\/div><input type='hidden' name='question_id[]' id='qID_5' value='342088' \/><input type='hidden' id='answerType342088' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342088[]' id='answer-id-1338237' class='answer   answerof-342088 ' value='1338237'   \/><label for='answer-id-1338237' id='answer-label-1338237' class=' answer'><span>Obtain express written consent from users of the Handy Helper regarding marketing.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342088[]' id='answer-id-1338238' class='answer   answerof-342088 ' value='1338238'   \/><label for='answer-id-1338238' id='answer-label-1338238' class=' answer'><span>Work with Sanjay to review any necessary privacy requirements to be built into the product.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342088[]' id='answer-id-1338239' class='answer   answerof-342088 ' value='1338239'   \/><label for='answer-id-1338239' id='answer-label-1338239' class=' answer'><span>Certify that the Handy Helper meets the requirements of the EU-US Privacy Shield Framework.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342088[]' id='answer-id-1338240' class='answer   answerof-342088 ' value='1338240'   \/><label for='answer-id-1338240' id='answer-label-1338240' class=' answer'><span>Build the artificial intelligence feature so that users would not have to input sensitive information \r\ninto the Handy Helper.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-6' style=';'><div id='questionWrap-6'  class='   watupro-question-id-342089'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>6. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Manasa is a product manager at Omnipresent Omnimedia, where she is responsible for leading the development of the company's flagship product, the Handy Helper. The Handy Helper is an application that can be used in the home to manage family calendars, do online shopping, and schedule doctor appointments. After having had a successful launch in the United States, the Handy Helper is about to be made available for purchase worldwide. <br \/>\r<br>The packaging and user guide for the Handy Helper indicate that it is a &quot;privacy friendly&quot; product suitable for the whole family, including children, but does not provide any further detail or privacy notice. In order to use the application, a family creates a single account, and the primary user has access to all information about the other users. Upon start up, the primary user must check a box consenting to receive marketing emails from Omnipresent Omnimedia and selected marketing partners in order to be able to use the application. <br \/>\r<br>Sanjay, the head of privacy at Omnipresent Omnimedia, was working on an agreement with a European distributor of Handy Helper when he fielded many Questions about the product from the distributor. Sanjay needed to look more closely at the product in order to be able to answer the Questions as he was not involved in the product development process. <br \/>\r<br>In speaking with the product team, he learned that the Handy Helper collected and stored all of a user's sensitive medical information for the medical appointment scheduler. In fact, all of the user's information is stored by Handy Helper for the additional purpose of creating additional products and to analyze usage of the product. This data is all stored in the cloud and is encrypted both during transmission and at rest. <br \/>\r<br>Consistent with the CEO's philosophy that great new product ideas can come from anyone, all Omnipresent Omnimedia employees have access to user data under a program called Eureka. Omnipresent Omnimedia is hoping that at some point in the future, the data will reveal insights that could be used to create a fully automated application that runs on artificial intelligence, but as of yet, Eureka is not well-defined and is considered a long-term goal. <br \/>\r<br>What administrative safeguards should be implemented to protect the collected data while in use by Manasa and her product management team?<\/div><input type='hidden' name='question_id[]' id='qID_6' value='342089' \/><input type='hidden' id='answerType342089' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342089[]' id='answer-id-1338241' class='answer   answerof-342089 ' value='1338241'   \/><label for='answer-id-1338241' id='answer-label-1338241' class=' answer'><span>Document the data flows for the collected data.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342089[]' id='answer-id-1338242' class='answer   answerof-342089 ' value='1338242'   \/><label for='answer-id-1338242' id='answer-label-1338242' class=' answer'><span>Conduct a Privacy Impact Assessment (PIA) to evaluate the risks involved.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342089[]' id='answer-id-1338243' class='answer   answerof-342089 ' value='1338243'   \/><label for='answer-id-1338243' id='answer-label-1338243' class=' answer'><span>Implement a policy restricting data access on a &quot;need to know&quot; basis.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342089[]' id='answer-id-1338244' class='answer   answerof-342089 ' value='1338244'   \/><label for='answer-id-1338244' id='answer-label-1338244' class=' answer'><span>Limit data transfers to the US by keeping data collected in Europe within a local data center.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-7' style=';'><div id='questionWrap-7'  class='   watupro-question-id-342090'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>7. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Manasa is a product manager at Omnipresent Omnimedia, where she is responsible for leading the development of the company's flagship product, the Handy Helper. The Handy Helper is an application that can be used in the home to manage family calendars, do online shopping, and schedule doctor appointments. After having had a successful launch in the United States, the Handy Helper is about to be made available for purchase worldwide. <br \/>\r<br>The packaging and user guide for the Handy Helper indicate that it is a &quot;privacy friendly&quot; product suitable for the whole family, including children, but does not provide any further detail or privacy notice. In order to use the application, a family creates a single account, and the primary user has access to all information about the other users. Upon start up, the primary user must check a box consenting to receive marketing emails from Omnipresent Omnimedia and selected marketing partners in order to be able to use the application. <br \/>\r<br>Sanjay, the head of privacy at Omnipresent Omnimedia, was working on an agreement with a European distributor of Handy Helper when he fielded many Questions about the product from the distributor. Sanjay needed to look more closely at the product in order to be able to answer the <br \/>\r<br>Questions as he was not involved in the product development process. <br \/>\r<br>In speaking with the product team, he learned that the Handy Helper collected and stored all of a user's sensitive medical information for the medical appointment scheduler. In fact, all of the user's information is stored by Handy Helper for the additional purpose of creating additional products and to analyze usage of the product. This data is all stored in the cloud and is encrypted both during transmission and at rest. <br \/>\r<br>Consistent with the CEO's philosophy that great new product ideas can come from anyone, all Omnipresent Omnimedia employees have access to user data under a program called Eureka. Omnipresent Omnimedia is hoping that at some point in the future, the data will reveal insights that could be used to create a fully automated application that runs on artificial intelligence, but as of yet, Eureka is not well-defined and is considered a long-term goal. <br \/>\r<br>What element of the Privacy by Design (PbD) framework might the Handy Helper violate?<\/div><input type='hidden' name='question_id[]' id='qID_7' value='342090' \/><input type='hidden' id='answerType342090' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342090[]' id='answer-id-1338245' class='answer   answerof-342090 ' value='1338245'   \/><label for='answer-id-1338245' id='answer-label-1338245' class=' answer'><span>Failure to obtain opt-in consent to marketing.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342090[]' id='answer-id-1338246' class='answer   answerof-342090 ' value='1338246'   \/><label for='answer-id-1338246' id='answer-label-1338246' class=' answer'><span>Failure to observe data localization requirements.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342090[]' id='answer-id-1338247' class='answer   answerof-342090 ' value='1338247'   \/><label for='answer-id-1338247' id='answer-label-1338247' class=' answer'><span>Failure to implement the least privilege access standard.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342090[]' id='answer-id-1338248' class='answer   answerof-342090 ' value='1338248'   \/><label for='answer-id-1338248' id='answer-label-1338248' class=' answer'><span>Failure to integrate privacy throughout the system development life cycle.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-8' style=';'><div id='questionWrap-8'  class='   watupro-question-id-342091'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>8. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Manasa is a product manager at Omnipresent Omnimedia, where she is responsible for leading the development of the company's flagship product, the Handy Helper. The Handy Helper is an application that can be used in the home to manage family calendars, do online shopping, and schedule doctor appointments. After having had a successful launch in the United States, the Handy Helper is about to be made available for purchase worldwide. <br \/>\r<br>The packaging and user guide for the Handy Helper indicate that it is a &quot;privacy friendly&quot; product suitable for the whole family, including children, but does not provide any further detail or privacy notice. In order to use the application, a family creates a single account, and the primary user has access to all information about the other users. Upon start up, the primary user must check a box consenting to receive marketing emails from Omnipresent Omnimedia and selected marketing partners in order to be able to use the application. <br \/>\r<br>Sanjay, the head of privacy at Omnipresent Omnimedia, was working on an agreement with a European distributor of Handy Helper when he fielded many Questions about the product from the distributor. Sanjay needed to look more closely at the product in order to be able to answer the Questions as he was not involved in the product development process. <br \/>\r<br>In speaking with the product team, he learned that the Handy Helper collected and stored all of a user's sensitive medical information for the medical appointment scheduler. In fact, all of the user's information is stored by Handy Helper for the additional purpose of creating additional products and to analyze usage of the product. This data is all stored in the cloud and is encrypted both during transmission and at rest. <br \/>\r<br>Consistent with the CEO's philosophy that great new product ideas can come from anyone, all Omnipresent Omnimedia employees have access to user data under a program called Eureka. Omnipresent Omnimedia is hoping that at some point in the future, the data will reveal insights that could be used to create a fully automated application that runs on artificial intelligence, but as of yet, Eureka is not well-defined and is considered a long-term goal. <br \/>\r<br>What can Sanjay do to minimize the risks of offering the product in Europe?<\/div><input type='hidden' name='question_id[]' id='qID_8' value='342091' \/><input type='hidden' id='answerType342091' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342091[]' id='answer-id-1338249' class='answer   answerof-342091 ' value='1338249'   \/><label for='answer-id-1338249' id='answer-label-1338249' class=' answer'><span>Sanjay should advise the distributor that Omnipresent Omnimedia has certified to the Privacy Shield Framework and there should be no issues.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342091[]' id='answer-id-1338250' class='answer   answerof-342091 ' value='1338250'   \/><label for='answer-id-1338250' id='answer-label-1338250' class=' answer'><span>Sanjay should work with Manasa to review and remediate the Handy Helper as a gating item before it is released.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342091[]' id='answer-id-1338251' class='answer   answerof-342091 ' value='1338251'   \/><label for='answer-id-1338251' id='answer-label-1338251' class=' answer'><span>Sanjay should document the data life cycle of the data collected by the Handy Helper.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342091[]' id='answer-id-1338252' class='answer   answerof-342091 ' value='1338252'   \/><label for='answer-id-1338252' id='answer-label-1338252' class=' answer'><span>Sanjay should write a privacy policy to include with the Handy Helper user guide.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-9' style=';'><div id='questionWrap-9'  class='   watupro-question-id-342092'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>9. <\/span>Which statement is FALSE regarding the use of technical security controls?<\/div><input type='hidden' name='question_id[]' id='qID_9' value='342092' \/><input type='hidden' id='answerType342092' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342092[]' id='answer-id-1338253' class='answer   answerof-342092 ' value='1338253'   \/><label for='answer-id-1338253' id='answer-label-1338253' class=' answer'><span>Technical security controls are part of a data governance strategy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342092[]' id='answer-id-1338254' class='answer   answerof-342092 ' value='1338254'   \/><label for='answer-id-1338254' id='answer-label-1338254' class=' answer'><span>Technical security controls deployed for one jurisdiction often satisfy another jurisdiction.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342092[]' id='answer-id-1338255' class='answer   answerof-342092 ' value='1338255'   \/><label for='answer-id-1338255' id='answer-label-1338255' class=' answer'><span>Most privacy legislation lists the types of technical security controls that must be implemented.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342092[]' id='answer-id-1338256' class='answer   answerof-342092 ' value='1338256'   \/><label for='answer-id-1338256' id='answer-label-1338256' class=' answer'><span>A person with security knowledge should be involved with the deployment of technical security controls.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-10' style=';'><div id='questionWrap-10'  class='   watupro-question-id-342093'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>10. <\/span>An organization's privacy officer was just notified by the benefits manager that she accidentally sent out the retirement enrollment report of all employees to a wrong vendor. <br \/>\r<br>Which of the following actions should the privacy officer take first?<\/div><input type='hidden' name='question_id[]' id='qID_10' value='342093' \/><input type='hidden' id='answerType342093' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342093[]' id='answer-id-1338257' class='answer   answerof-342093 ' value='1338257'   \/><label for='answer-id-1338257' id='answer-label-1338257' class=' answer'><span>Perform a risk of harm analysis.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342093[]' id='answer-id-1338258' class='answer   answerof-342093 ' value='1338258'   \/><label for='answer-id-1338258' id='answer-label-1338258' class=' answer'><span>Report the incident to law enforcement.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342093[]' id='answer-id-1338259' class='answer   answerof-342093 ' value='1338259'   \/><label for='answer-id-1338259' id='answer-label-1338259' class=' answer'><span>Contact the recipient to delete the email.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342093[]' id='answer-id-1338260' class='answer   answerof-342093 ' value='1338260'   \/><label for='answer-id-1338260' id='answer-label-1338260' class=' answer'><span>Send firm-wide email notification to employees.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-11' style=';'><div id='questionWrap-11'  class='   watupro-question-id-342094'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>11. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner, Anton, has found some degree of disorganization after touring the company headquarters. His uncle Henry had always focused on production C not data processing C and Anton is concerned. In several storage rooms, he has found paper files, disks, and old computers that appear to contain the personal data of current and former employees and customers. Anton knows that a single break-in could irrevocably damage the company's relationship with its loyal customers. He intends to set a goal of guaranteed zero loss of personal information. <br \/>\r<br>To this end, Anton originally planned to place restrictions on who was admitted to the physical premises of the company. However, Kenneth C his uncle's vice president and longtime confidante C wants to hold off on Anton's idea in favor of converting any paper records held at the company to electronic storage. Kenneth believes this process would only take one or two years. Anton likes this idea; he envisions a password- protected system that only he and Kenneth can access. <br \/>\r<br>Anton also plans to divest the company of most of its subsidiaries. Not only will this make his job easier, but it will simplify the management of the stored data. The heads of subsidiaries like the art gallery and kitchenware store down the street will be responsible for their own information management. Then, any unneeded subsidiary data still in Anton's possession can be destroyed within the next few years. <br \/>\r<br>After learning of a recent security incident, Anton realizes that another crucial step will be notifying customers. Kenneth insists that two lost hard drives in Question are not cause for concern; all of the data was encrypted and not sensitive in nature. Anton does not want to take any chances, however. He intends on sending notice letters to all employees and customers to be safe. <br \/>\r<br>Anton must also check for compliance with all legislative, regulatory, and market requirements related to privacy protection. Kenneth oversaw the development of the company's online presence about ten years ago, but Anton is not confident about his understanding of recent online marketing laws. Anton is assigning another trusted employee with a law background the task of the compliance assessment. After a thorough analysis, Anton knows the company should be safe for another five years, at which time he can order another check. <br \/>\r<br>Documentation of this analysis will show auditors due diligence. <br \/>\r<br>Anton has started down a long road toward improved management of the company, but he knows the effort is worth it. Anton wants his uncle's legacy to continue for many years to come. <br \/>\r<br>To improve the facility's system of data security, Anton should consider following through with the plan for which of the following?<\/div><input type='hidden' name='question_id[]' id='qID_11' value='342094' \/><input type='hidden' id='answerType342094' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342094[]' id='answer-id-1338261' class='answer   answerof-342094 ' value='1338261'   \/><label for='answer-id-1338261' id='answer-label-1338261' class=' answer'><span>Customer communication.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342094[]' id='answer-id-1338262' class='answer   answerof-342094 ' value='1338262'   \/><label for='answer-id-1338262' id='answer-label-1338262' class=' answer'><span>Employee access to electronic storage.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342094[]' id='answer-id-1338263' class='answer   answerof-342094 ' value='1338263'   \/><label for='answer-id-1338263' id='answer-label-1338263' class=' answer'><span>Employee advisement regarding legal matters.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342094[]' id='answer-id-1338264' class='answer   answerof-342094 ' value='1338264'   \/><label for='answer-id-1338264' id='answer-label-1338264' class=' answer'><span>Controlled access at the company headquarters.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-12' style=';'><div id='questionWrap-12'  class='   watupro-question-id-342095'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>12. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner, Anton, has found some degree of disorganization after touring the company headquarters. His uncle Henry had always focused on production C not data processing C and Anton is concerned. In several storage rooms, he has found paper files, disks, and old computers that appear to contain the personal data of current and former employees and customers. Anton knows that a single break-in could irrevocably damage the company's relationship with its loyal customers. He intends to set a goal of guaranteed zero loss of personal information. <br \/>\r<br>To this end, Anton originally planned to place restrictions on who was admitted to the physical premises of the company. However, Kenneth C his uncle's vice president and longtime confidante C wants to hold off on Anton's idea in favor of converting any paper records held at the company to electronic storage. Kenneth believes this process would only take one or two years. Anton likes this idea; he envisions a password- protected system that only he and Kenneth can access. <br \/>\r<br>Anton also plans to divest the company of most of its subsidiaries. Not only will this make his job easier, but it will simplify the management of the stored data. The heads of subsidiaries like the art gallery and kitchenware store down the street will be responsible for their own information management. Then, any unneeded subsidiary data still in Anton's possession can be destroyed within the next few years. <br \/>\r<br>After learning of a recent security incident, Anton realizes that another crucial step will be notifying customers. Kenneth insists that two lost hard drives in Question are not cause for concern; all of the data was encrypted and not sensitive in nature. Anton does not want to take any chances, however. He intends on sending notice letters to all employees and customers to be safe. <br \/>\r<br>Anton must also check for compliance with all legislative, regulatory, and market requirements related to privacy protection. Kenneth oversaw the development of the company's online presence about ten years ago, but Anton is not confident about his understanding of recent online marketing laws. Anton is assigning another trusted employee with a law background the task of the compliance assessment. After a thorough analysis, Anton knows the company should be safe for another five years, at which time he can order another check. <br \/>\r<br>Documentation of this analysis will show auditors due diligence. <br \/>\r<br>Anton has started down a long road toward improved management of the company, but he knows the effort is worth it. Anton wants his uncle's legacy to continue for many years to come. <br \/>\r<br>Which of Anton's plans for improving the data management of the company is most unachievable?<\/div><input type='hidden' name='question_id[]' id='qID_12' value='342095' \/><input type='hidden' id='answerType342095' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342095[]' id='answer-id-1338265' class='answer   answerof-342095 ' value='1338265'   \/><label for='answer-id-1338265' id='answer-label-1338265' class=' answer'><span>His initiative to achieve regulatory compliance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342095[]' id='answer-id-1338266' class='answer   answerof-342095 ' value='1338266'   \/><label for='answer-id-1338266' id='answer-label-1338266' class=' answer'><span>His intention to transition to electronic storage.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342095[]' id='answer-id-1338267' class='answer   answerof-342095 ' value='1338267'   \/><label for='answer-id-1338267' id='answer-label-1338267' class=' answer'><span>His objective for zero loss of personal information.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342095[]' id='answer-id-1338268' class='answer   answerof-342095 ' value='1338268'   \/><label for='answer-id-1338268' id='answer-label-1338268' class=' answer'><span>His intention to send notice letters to customers and employees.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-13' style=';'><div id='questionWrap-13'  class='   watupro-question-id-342096'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>13. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner, Anton, has found some degree of disorganization after touring the company headquarters. His uncle Henry had always focused on production C not data processing C and Anton is concerned. In several storage rooms, he has found paper files, disks, and old computers that appear to contain the personal data of current and former employees and customers. Anton knows that a single break-in could irrevocably damage the company's <br \/>\r<br>relationship with its loyal customers. He intends to set a goal of guaranteed zero loss of personal information. <br \/>\r<br>To this end, Anton originally planned to place restrictions on who was admitted to the physical premises of the company. However, Kenneth C his uncle's vice president and longtime confidante C wants to hold off on Anton's idea in favor of converting any paper records held at the company to electronic storage. Kenneth believes this process would only take one or two years. Anton likes this idea; he envisions a password- protected system that only he and Kenneth can access. <br \/>\r<br>Anton also plans to divest the company of most of its subsidiaries. Not only will this make his job easier, but it will simplify the management of the stored data. The heads of subsidiaries like the art gallery and kitchenware store down the street will be responsible for their own information management. Then, any unneeded subsidiary data still in Anton's possession can be destroyed within the next few years. <br \/>\r<br>After learning of a recent security incident, Anton realizes that another crucial step will be notifying customers. Kenneth insists that two lost hard drives in Question are not cause for concern; all of the data was encrypted and not sensitive in nature. Anton does not want to take any chances, however. He intends on sending notice letters to all employees and customers to be safe. <br \/>\r<br>Anton must also check for compliance with all legislative, regulatory, and market requirements related to privacy protection. Kenneth oversaw the development of the company's online presence about ten years ago, but Anton is not confident about his understanding of recent online marketing laws. Anton is assigning another trusted employee with a law background the task of the compliance assessment. After a thorough analysis, Anton knows the company should be safe for another five years, at which time he can order another check. <br \/>\r<br>Documentation of this analysis will show auditors due diligence. <br \/>\r<br>Anton has started down a long road toward improved management of the company, but he knows the effort is worth it. Anton wants his uncle's legacy to continue for many years to come. <br \/>\r<br>Which important principle of Data Lifecycle Management (DLM) will most likely be compromised if Anton executes his plan to limit data access to himself and Kenneth?<\/div><input type='hidden' name='question_id[]' id='qID_13' value='342096' \/><input type='hidden' id='answerType342096' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342096[]' id='answer-id-1338269' class='answer   answerof-342096 ' value='1338269'   \/><label for='answer-id-1338269' id='answer-label-1338269' class=' answer'><span>Practicing data minimalism.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342096[]' id='answer-id-1338270' class='answer   answerof-342096 ' value='1338270'   \/><label for='answer-id-1338270' id='answer-label-1338270' class=' answer'><span>Ensuring data retrievability.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342096[]' id='answer-id-1338271' class='answer   answerof-342096 ' value='1338271'   \/><label for='answer-id-1338271' id='answer-label-1338271' class=' answer'><span>Implementing clear policies.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342096[]' id='answer-id-1338272' class='answer   answerof-342096 ' value='1338272'   \/><label for='answer-id-1338272' id='answer-label-1338272' class=' answer'><span>Ensuring adequacy of infrastructure.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-14' style=';'><div id='questionWrap-14'  class='   watupro-question-id-342097'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>14. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner, Anton, has found some degree of disorganization after touring the company headquarters. His uncle Henry had always focused on production C not data processing C and Anton is concerned. In several storage rooms, he has found paper files, disks, and old computers that appear to contain the personal data of current and former employees and customers. Anton knows that a single break-in could irrevocably damage the company's relationship with its loyal customers. He intends to set a goal of guaranteed zero loss of personal information. <br \/>\r<br>To this end, Anton originally planned to place restrictions on who was admitted to the physical premises of the company. However, Kenneth C his uncle's vice president and longtime confidante C wants to hold off on Anton's idea in favor of converting any paper records held at the company to electronic storage. Kenneth <br \/>\r<br>believes this process would only take one or two years. Anton likes this idea; he envisions a password- protected system that only he and Kenneth can access. <br \/>\r<br>Anton also plans to divest the company of most of its subsidiaries. Not only will this make his job easier, but it will simplify the management of the stored data. The heads of subsidiaries like the art gallery and kitchenware store down the street will be responsible for their own information management. Then, any unneeded subsidiary data still in Anton's possession can be destroyed within the next few years. <br \/>\r<br>After learning of a recent security incident, Anton realizes that another crucial step will be notifying customers. Kenneth insists that two lost hard drives in Question are not cause for concern; all of the data was encrypted and not sensitive in nature. Anton does not want to take any chances, however. He intends on sending notice letters to all employees and customers to be safe. <br \/>\r<br>Anton must also check for compliance with all legislative, regulatory, and market requirements related to privacy protection. Kenneth oversaw the development of the company's online presence about ten years ago, but Anton is not confident about his understanding of recent online marketing laws. Anton is assigning another trusted employee with a law background the task of the compliance assessment. After a thorough analysis, Anton knows the company should be safe for another five years, at which time he can order another check. <br \/>\r<br>Documentation of this analysis will show auditors due diligence. <br \/>\r<br>Anton has started down a long road toward improved management of the company, but he knows the effort is worth it. Anton wants his uncle's legacy to continue for many years to come. <br \/>\r<br>In terms of compliance with regulatory and legislative changes, Anton has a misconception regarding?<\/div><input type='hidden' name='question_id[]' id='qID_14' value='342097' \/><input type='hidden' id='answerType342097' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342097[]' id='answer-id-1338273' class='answer   answerof-342097 ' value='1338273'   \/><label for='answer-id-1338273' id='answer-label-1338273' class=' answer'><span>The timeline for monitoring.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342097[]' id='answer-id-1338274' class='answer   answerof-342097 ' value='1338274'   \/><label for='answer-id-1338274' id='answer-label-1338274' class=' answer'><span>The method of recordkeeping.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342097[]' id='answer-id-1338275' class='answer   answerof-342097 ' value='1338275'   \/><label for='answer-id-1338275' id='answer-label-1338275' class=' answer'><span>The use of internal employees.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342097[]' id='answer-id-1338276' class='answer   answerof-342097 ' value='1338276'   \/><label for='answer-id-1338276' id='answer-label-1338276' class=' answer'><span>The type of required qualifications.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-15' style=';'><div id='questionWrap-15'  class='   watupro-question-id-342098'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>15. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner, Anton, has found some degree of disorganization after touring the company headquarters. His uncle Henry had always focused on production C not data processing C and Anton is concerned. In several storage rooms, he has found paper files, disks, and old computers that appear to contain the personal data of current and former employees and customers. Anton knows that a single break-in could irrevocably damage the company's relationship with its loyal customers. He intends to set a goal of guaranteed zero loss of personal information. <br \/>\r<br>To this end, Anton originally planned to place restrictions on who was admitted to the physical premises of the company. However, Kenneth C his uncle's vice president and longtime confidante C wants to hold off on Anton's idea in favor of converting any paper records held at the company to electronic storage. Kenneth believes this process would only take one or two years. Anton likes this idea; he envisions a password- protected system that only he and Kenneth can access. <br \/>\r<br>Anton also plans to divest the company of most of its subsidiaries. Not only will this make his job easier, but it will simplify the management of the stored data. The heads of subsidiaries like the art gallery and kitchenware store down the street will be responsible for their own information management. Then, any unneeded <br \/>\r<br>subsidiary data still in Anton's possession can be destroyed within the next few years. <br \/>\r<br>After learning of a recent security incident, Anton realizes that another crucial step will be notifying customers. Kenneth insists that two lost hard drives in Question are not cause for concern; all of the data was encrypted and not sensitive in nature. Anton does not want to take any chances, however. He intends on sending notice letters to all employees and customers to be safe. <br \/>\r<br>Anton must also check for compliance with all legislative, regulatory, and market requirements related to privacy protection. Kenneth oversaw the development of the company's online presence about ten years ago, but Anton is not confident about his understanding of recent online marketing laws. Anton is assigning another trusted employee with a law background the task of the compliance assessment. After a thorough analysis, Anton knows the company should be safe for another five years, at which time he can order another check. <br \/>\r<br>Documentation of this analysis will show auditors due diligence. <br \/>\r<br>Anton has started down a long road toward improved management of the company, but he knows the effort is worth it. Anton wants his uncle's legacy to continue for many years to come. <br \/>\r<br>What would the company's legal team most likely recommend to Anton regarding his planned communication with customers?<\/div><input type='hidden' name='question_id[]' id='qID_15' value='342098' \/><input type='hidden' id='answerType342098' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342098[]' id='answer-id-1338277' class='answer   answerof-342098 ' value='1338277'   \/><label for='answer-id-1338277' id='answer-label-1338277' class=' answer'><span>To send consistent communication.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342098[]' id='answer-id-1338278' class='answer   answerof-342098 ' value='1338278'   \/><label for='answer-id-1338278' id='answer-label-1338278' class=' answer'><span>To shift to electronic communication.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342098[]' id='answer-id-1338279' class='answer   answerof-342098 ' value='1338279'   \/><label for='answer-id-1338279' id='answer-label-1338279' class=' answer'><span>To delay communications until local authorities are informed.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342098[]' id='answer-id-1338280' class='answer   answerof-342098 ' value='1338280'   \/><label for='answer-id-1338280' id='answer-label-1338280' class=' answer'><span>To consider under what circumstances communication is necessary.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-16' style=';'><div id='questionWrap-16'  class='   watupro-question-id-342099'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>16. <\/span>Why were the nongovernmental privacy organizations, Electronic Frontier Foundation (EFF) and Electronic Privacy Information Center (EPIC), established?<\/div><input type='hidden' name='question_id[]' id='qID_16' value='342099' \/><input type='hidden' id='answerType342099' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342099[]' id='answer-id-1338281' class='answer   answerof-342099 ' value='1338281'   \/><label for='answer-id-1338281' id='answer-label-1338281' class=' answer'><span>To promote consumer confidence in the Internet industry.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342099[]' id='answer-id-1338282' class='answer   answerof-342099 ' value='1338282'   \/><label for='answer-id-1338282' id='answer-label-1338282' class=' answer'><span>To improve the user experience during online shopping.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342099[]' id='answer-id-1338283' class='answer   answerof-342099 ' value='1338283'   \/><label for='answer-id-1338283' id='answer-label-1338283' class=' answer'><span>To protect civil liberties and raise consumer awareness.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342099[]' id='answer-id-1338284' class='answer   answerof-342099 ' value='1338284'   \/><label for='answer-id-1338284' id='answer-label-1338284' class=' answer'><span>To promote security on the Internet through strong encryption.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-17' style=';'><div id='questionWrap-17'  class='   watupro-question-id-342100'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>17. <\/span>What is the main function of the Asia-Pacific Economic Cooperation Privacy Framework?<\/div><input type='hidden' name='question_id[]' id='qID_17' value='342100' \/><input type='hidden' id='answerType342100' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342100[]' id='answer-id-1338285' class='answer   answerof-342100 ' value='1338285'   \/><label for='answer-id-1338285' id='answer-label-1338285' class=' answer'><span>Enabling regional data transfers.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342100[]' id='answer-id-1338286' class='answer   answerof-342100 ' value='1338286'   \/><label for='answer-id-1338286' id='answer-label-1338286' class=' answer'><span>Protecting data from parties outside the region.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342100[]' id='answer-id-1338287' class='answer   answerof-342100 ' value='1338287'   \/><label for='answer-id-1338287' id='answer-label-1338287' class=' answer'><span>Establishing legal requirements for privacy protection in the region.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342100[]' id='answer-id-1338288' class='answer   answerof-342100 ' value='1338288'   \/><label for='answer-id-1338288' id='answer-label-1338288' class=' answer'><span>Marketing privacy protection technologies developed in the region.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-18' style=';'><div id='questionWrap-18'  class='   watupro-question-id-342101'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>18. <\/span>Which of the following is TRUE about the Data Protection Impact Assessment (DPIA) process as required under the General Data Protection Regulation (GDPR)?<\/div><input type='hidden' name='question_id[]' id='qID_18' value='342101' \/><input type='hidden' id='answerType342101' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342101[]' id='answer-id-1338289' class='answer   answerof-342101 ' value='1338289'   \/><label for='answer-id-1338289' id='answer-label-1338289' class=' answer'><span>The DPIA result must be reported to the corresponding supervisory authority.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342101[]' id='answer-id-1338290' class='answer   answerof-342101 ' value='1338290'   \/><label for='answer-id-1338290' id='answer-label-1338290' class=' answer'><span>The DPIA report must be published to demonstrate the transparency of the data processing.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342101[]' id='answer-id-1338291' class='answer   answerof-342101 ' value='1338291'   \/><label for='answer-id-1338291' id='answer-label-1338291' class=' answer'><span>The DPIA must include a description of the proposed processing operation and its purpose.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342101[]' id='answer-id-1338292' class='answer   answerof-342101 ' value='1338292'   \/><label for='answer-id-1338292' id='answer-label-1338292' class=' answer'><span>The DPIA is required if the processing activity entails risk to the rights and freedoms of an EU individual.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-19' style=';'><div id='questionWrap-19'  class='   watupro-question-id-342102'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>19. <\/span>As a Data Protection Officer, one of your roles entails monitoring changes in laws and regulations and updating policies accordingly. <br \/>\r<br>How would you most effectively execute this responsibility?<\/div><input type='hidden' name='question_id[]' id='qID_19' value='342102' \/><input type='hidden' id='answerType342102' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342102[]' id='answer-id-1338293' class='answer   answerof-342102 ' value='1338293'   \/><label for='answer-id-1338293' id='answer-label-1338293' class=' answer'><span>Consult an external lawyer.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342102[]' id='answer-id-1338294' class='answer   answerof-342102 ' value='1338294'   \/><label for='answer-id-1338294' id='answer-label-1338294' class=' answer'><span>Regularly engage regulators.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342102[]' id='answer-id-1338295' class='answer   answerof-342102 ' value='1338295'   \/><label for='answer-id-1338295' id='answer-label-1338295' class=' answer'><span>Attend workshops and interact with other professionals.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342102[]' id='answer-id-1338296' class='answer   answerof-342102 ' value='1338296'   \/><label for='answer-id-1338296' id='answer-label-1338296' class=' answer'><span>Subscribe to email list-serves that report on regulatory changes.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-20' style=';'><div id='questionWrap-20'  class='   watupro-question-id-342103'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>20. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>John is the new privacy officer at the prestigious international law firm C A&amp;M LLP. A&amp;M LLP is very proud of its reputation in the practice areas of Trusts &amp; Estates and Merger &amp; Acquisition in both U.S. and Europe. <br \/>\r<br>During lunch with a colleague from the Information Technology department, John heard that the Head of IT, Derrick, is about to outsource the firm's email continuity service to their existing email security vendor C MessageSafe. Being successful as an email hygiene vendor, MessageSafe is expanding its business by leasing cloud infrastructure from Cloud Inc. to host email continuity service for A&amp;M LLP. <br \/>\r<br>John is very concerned about this initiative. He recalled that MessageSafe was in the news six months ago due to a security breach. Immediately, John did a quick research of MessageSafe's previous breach and learned that the breach was caused by an unintentional mistake by an IT administrator. He scheduled a meeting with Derrick to address his concerns. <br \/>\r<br>At the meeting, Derrick emphasized that email is the primary method for the firm's lawyers to communicate with clients, thus it is critical to have the email continuity service to avoid any possible email downtime. Derrick has been using the anti-spam service provided by MessageSafe for five years and is very happy with the quality of service provided by MessageSafe. In addition to the significant discount offered by MessageSafe, Derrick emphasized that he can also speed up the onboarding process since the firm already has a service contract in place with MessageSafe. The existing on-premises email continuity solution is about to reach its end of life very soon and he doesn't have the time or resource to look for another solution. Furthermore, the off-premises email continuity service will only be turned on when the email service at A&amp;M LLP's primary and secondary data centers are both down, and the email messages stored at MessageSafe site for continuity service will be automatically deleted after 30 days. <br \/>\r<br>Which of the following is the most effective control to enforce MessageSafe's implementation of appropriate technical countermeasures to protect the personal data received from A&amp;M LLP?<\/div><input type='hidden' name='question_id[]' id='qID_20' value='342103' \/><input type='hidden' id='answerType342103' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342103[]' id='answer-id-1338297' class='answer   answerof-342103 ' value='1338297'   \/><label for='answer-id-1338297' id='answer-label-1338297' class=' answer'><span>MessageSafe must apply due diligence before trusting Cloud Inc. with the personal data received from A&amp;M LL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342103[]' id='answer-id-1338298' class='answer   answerof-342103 ' value='1338298'   \/><label for='answer-id-1338298' id='answer-label-1338298' class=' answer'><span>MessageSafe must flow-down its data protection contract terms with A&amp;M LLP to Cloud Inc.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342103[]' id='answer-id-1338299' class='answer   answerof-342103 ' value='1338299'   \/><label for='answer-id-1338299' id='answer-label-1338299' class=' answer'><span>MessageSafe must apply appropriate security controls on the cloud infrastructure.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342103[]' id='answer-id-1338300' class='answer   answerof-342103 ' value='1338300'   \/><label for='answer-id-1338300' id='answer-label-1338300' class=' answer'><span>MessageSafe must notify A&amp;M LLP of a data breach.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-21' style=';'><div id='questionWrap-21'  class='   watupro-question-id-342104'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>21. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>John is the new privacy officer at the prestigious international law firm C A&amp;M LLP. A&amp;M LLP is very proud of its reputation in the practice areas of Trusts &amp; Estates and Merger &amp; Acquisition in both U.S. and Europe. <br \/>\r<br>During lunch with a colleague from the Information Technology department, John heard that the Head of IT, Derrick, is about to outsource the firm's email continuity service to their existing email security vendor C MessageSafe. Being successful as an email hygiene vendor, MessageSafe is expanding its business by leasing cloud infrastructure from Cloud Inc. to host email continuity service for A&amp;M LLP. <br \/>\r<br>John is very concerned about this initiative. He recalled that MessageSafe was in the news six months ago due to a security breach. Immediately, John did a quick research of MessageSafe's previous breach and learned that the breach was caused by an unintentional mistake by an IT administrator. He scheduled a meeting with Derrick to address his concerns. <br \/>\r<br>At the meeting, Derrick emphasized that email is the primary method for the firm's lawyers to communicate with clients, thus it is critical to have the email continuity service to avoid any possible email downtime. Derrick has been using the anti-spam service provided by MessageSafe for five years and is very happy with the quality of service provided by MessageSafe. In addition to the significant discount offered by MessageSafe, Derrick emphasized that he can also speed up the onboarding process since the firm already has a service contract in place with MessageSafe. The existing on-premises email continuity solution is about to reach its end of life very soon and he doesn't have the time or resource to look for another solution. Furthermore, the off- premises email continuity service will only be turned on when the email service at A&amp;M LLP's primary and secondary data centers are both down, and the email messages stored at MessageSafe site for continuity service will be automatically deleted after 30 days. <br \/>\r<br>Which of the following is a TRUE statement about the relationship among the organizations?<\/div><input type='hidden' name='question_id[]' id='qID_21' value='342104' \/><input type='hidden' id='answerType342104' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342104[]' id='answer-id-1338301' class='answer   answerof-342104 ' value='1338301'   \/><label for='answer-id-1338301' id='answer-label-1338301' class=' answer'><span>Cloud Inc. must notify A&amp;M LLP of a data breach immediately.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342104[]' id='answer-id-1338302' class='answer   answerof-342104 ' value='1338302'   \/><label for='answer-id-1338302' id='answer-label-1338302' class=' answer'><span>MessageSafe is liable if Cloud Inc. fails to protect data from A&amp;M LL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342104[]' id='answer-id-1338303' class='answer   answerof-342104 ' value='1338303'   \/><label for='answer-id-1338303' id='answer-label-1338303' class=' answer'><span>Cloud Inc. should enter into a data processor agreement with A&amp;M LL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342104[]' id='answer-id-1338304' class='answer   answerof-342104 ' value='1338304'   \/><label for='answer-id-1338304' id='answer-label-1338304' class=' answer'><span>A&amp;M LLP's service contract must be amended to list Cloud Inc. as a sub-processor.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-22' style=';'><div id='questionWrap-22'  class='   watupro-question-id-342105'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>22. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>John is the new privacy officer at the prestigious international law firm C A&amp;M LLP. A&amp;M LLP is very proud of its reputation in the practice areas of Trusts &amp; Estates and Merger &amp; Acquisition in both U.S. and Europe. <br \/>\r<br>During lunch with a colleague from the Information Technology department, John heard that the Head of IT, Derrick, is about to outsource the firm's email continuity service to their existing email security vendor C MessageSafe. Being successful as an email hygiene vendor, MessageSafe is expanding its business by leasing cloud infrastructure from Cloud Inc. to host email continuity service for A&amp;M LLP. <br \/>\r<br>John is very concerned about this initiative. He recalled that MessageSafe was in the news six months ago due to a security breach. Immediately, John did a quick research of MessageSafe's previous breach and learned that the breach was caused by an unintentional mistake by an IT administrator. He scheduled a meeting with Derrick to address his concerns. <br \/>\r<br>At the meeting, Derrick emphasized that email is the primary method for the firm's lawyers to communicate with clients, thus it is critical to have the email continuity service to avoid any possible email downtime. Derrick has been using the anti-spam service provided by MessageSafe for five years and is very happy with the quality of service provided by MessageSafe. In addition to the significant discount offered by MessageSafe, Derrick emphasized that he can also speed up the onboarding process since the firm already has a service contract in place with MessageSafe. The existing on-premises email continuity solution is about to reach its end of life very soon and he doesn't have the time or resource to look for another solution. Furthermore, the off- premises email continuity service will only be turned on when the email service at A&amp;M LLP's primary and secondary data centers are both down, and the email messages stored at MessageSafe site for continuity service will be automatically deleted after 30 days. <br \/>\r<br>Which of the following is NOT an obligation of MessageSafe as the email continuity service provider for A&amp;M LLP?<\/div><input type='hidden' name='question_id[]' id='qID_22' value='342105' \/><input type='hidden' id='answerType342105' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342105[]' id='answer-id-1338305' class='answer   answerof-342105 ' value='1338305'   \/><label for='answer-id-1338305' id='answer-label-1338305' class=' answer'><span>Privacy compliance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342105[]' id='answer-id-1338306' class='answer   answerof-342105 ' value='1338306'   \/><label for='answer-id-1338306' id='answer-label-1338306' class=' answer'><span>Security commitment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342105[]' id='answer-id-1338307' class='answer   answerof-342105 ' value='1338307'   \/><label for='answer-id-1338307' id='answer-label-1338307' class=' answer'><span>Certifications to relevant frameworks.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342105[]' id='answer-id-1338308' class='answer   answerof-342105 ' value='1338308'   \/><label for='answer-id-1338308' id='answer-label-1338308' class=' answer'><span>Data breach notification to A&amp;M LL<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-23' style=';'><div id='questionWrap-23'  class='   watupro-question-id-342106'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>23. <\/span>In privacy protection, what is a &quot;covered entity&quot;?<\/div><input type='hidden' name='question_id[]' id='qID_23' value='342106' \/><input type='hidden' id='answerType342106' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342106[]' id='answer-id-1338309' class='answer   answerof-342106 ' value='1338309'   \/><label for='answer-id-1338309' id='answer-label-1338309' class=' answer'><span>Personal data collected by a privacy organization.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342106[]' id='answer-id-1338310' class='answer   answerof-342106 ' value='1338310'   \/><label for='answer-id-1338310' id='answer-label-1338310' class=' answer'><span>An organization subject to the privacy provisions of HIPA<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342106[]' id='answer-id-1338311' class='answer   answerof-342106 ' value='1338311'   \/><label for='answer-id-1338311' id='answer-label-1338311' class=' answer'><span>A privacy office or team fully responsible for protecting personal information.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342106[]' id='answer-id-1338312' class='answer   answerof-342106 ' value='1338312'   \/><label for='answer-id-1338312' id='answer-label-1338312' class=' answer'><span>Hidden gaps in privacy protection that may go unnoticed without expert analysis.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-24' style=';'><div id='questionWrap-24'  class='   watupro-question-id-342107'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>24. <\/span>Which of the following best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?<\/div><input type='hidden' name='question_id[]' id='qID_24' value='342107' \/><input type='hidden' id='answerType342107' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342107[]' id='answer-id-1338313' class='answer   answerof-342107 ' value='1338313'   \/><label for='answer-id-1338313' id='answer-label-1338313' class=' answer'><span>Employees must sign an ad hoc contractual agreement each time personal data is exported.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342107[]' id='answer-id-1338314' class='answer   answerof-342107 ' value='1338314'   \/><label for='answer-id-1338314' id='answer-label-1338314' class=' answer'><span>All employees are subject to the rules in their entirety, regardless of where the work is taking place.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342107[]' id='answer-id-1338315' class='answer   answerof-342107 ' value='1338315'   \/><label for='answer-id-1338315' id='answer-label-1338315' class=' answer'><span>All employees must follow the privacy regulations of the jurisdictions where the current scope of their work is established.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342107[]' id='answer-id-1338316' class='answer   answerof-342107 ' value='1338316'   \/><label for='answer-id-1338316' id='answer-label-1338316' class=' answer'><span>Employees who control personal data must complete a rigorous certification procedure, as they are exempt from legal enforcement.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-25' style=';'><div id='questionWrap-25'  class='   watupro-question-id-342108'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>25. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help run his aging grandfather's law practice. The elder McAdams desired a limited, lighter role in the practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and assesses the office's strategies for growth. <br \/>\r<br>Immediately upon arrival, Richard was amazed at the amount of work that needed to done in order to modernize the office, mostly in regard to the handling of clients' personal data. His first goal is to digitize all the records kept in file cabinets, as many of the documents contain personally identifiable financial and medical data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues unless a formal policy is firmly in place Richard is also concerned with the overuse of the communal copier\/ printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing policy by the year's end. <br \/>\r<br>Richard expressed his concerns to his grandfather, who agreed, that updating data storage, data security, and an overall approach to increasing the protection of personal data in all facets is necessary Mr. McAdams granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following day, to get insight into how the office computer system is currently set-up and managed. <br \/>\r<br>Richard believes that a transition from the use of fax machine to Internet faxing provides all of the following security benefits EXCEPT?<\/div><input type='hidden' name='question_id[]' id='qID_25' value='342108' \/><input type='hidden' id='answerType342108' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342108[]' id='answer-id-1338317' class='answer   answerof-342108 ' value='1338317'   \/><label for='answer-id-1338317' id='answer-label-1338317' class=' answer'><span>Greater accessibility to the faxes at an off-site location.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342108[]' id='answer-id-1338318' class='answer   answerof-342108 ' value='1338318'   \/><label for='answer-id-1338318' id='answer-label-1338318' class=' answer'><span>The ability to encrypt the transmitted faxes through a secure server.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342108[]' id='answer-id-1338319' class='answer   answerof-342108 ' value='1338319'   \/><label for='answer-id-1338319' id='answer-label-1338319' class=' answer'><span>Reduction of the risk of data being seen or copied by unauthorized personnel.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342108[]' id='answer-id-1338320' class='answer   answerof-342108 ' value='1338320'   \/><label for='answer-id-1338320' id='answer-label-1338320' class=' answer'><span>The ability to store faxes electronically, either on the user's PC or a password-protected network server.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-26' style=';'><div id='questionWrap-26'  class='   watupro-question-id-342109'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>26. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help run his aging grandfather's law practice. The elder McAdams desired a limited, lighter role in the practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and assesses the office's strategies for growth. <br \/>\r<br>Immediately upon arrival, Richard was amazed at the amount of work that needed to done in order to modernize the office, mostly in regard to the handling of clients' personal data. His first goal is to digitize all the records kept in file cabinets, as many of the documents contain personally identifiable financial and medical data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues unless a formal policy is firmly in place Richard is also concerned with the overuse of the communal copier\/ printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing policy by the year's end. <br \/>\r<br>Richard expressed his concerns to his grandfather, who agreed, that updating data storage, data security, and an overall approach to increasing the protection of personal data in all facets is necessary Mr. McAdams granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following day, to get insight into how the office computer system is currently set-up and managed. <br \/>\r<br>As Richard begins to research more about Data Lifecycle Management (DLM), he discovers that the law office can lower the risk of a data breach by doing what?<\/div><input type='hidden' name='question_id[]' id='qID_26' value='342109' \/><input type='hidden' id='answerType342109' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342109[]' id='answer-id-1338321' class='answer   answerof-342109 ' value='1338321'   \/><label for='answer-id-1338321' id='answer-label-1338321' class=' answer'><span>Prioritizing the data by order of importance.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342109[]' id='answer-id-1338322' class='answer   answerof-342109 ' value='1338322'   \/><label for='answer-id-1338322' id='answer-label-1338322' class=' answer'><span>Minimizing the time it takes to retrieve the sensitive data.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342109[]' id='answer-id-1338323' class='answer   answerof-342109 ' value='1338323'   \/><label for='answer-id-1338323' id='answer-label-1338323' class=' answer'><span>Reducing the volume and the type of data that is stored in its system.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342109[]' id='answer-id-1338324' class='answer   answerof-342109 ' value='1338324'   \/><label for='answer-id-1338324' id='answer-label-1338324' class=' answer'><span>Increasing the number of experienced staff to code and categorize the incoming data.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-27' style=';'><div id='questionWrap-27'  class='   watupro-question-id-342110'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>27. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help run his aging grandfather's law practice. The elder McAdams desired a limited, lighter role in the practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and assesses the office's strategies for growth. <br \/>\r<br>Immediately upon arrival, Richard was amazed at the amount of work that needed to done in order to modernize the office, mostly in regard to the handling of clients' personal data. His first goal is to digitize all the records kept in file cabinets, as many of the documents contain personally identifiable financial and medical data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues unless a formal policy is firmly in place Richard is also concerned with the overuse of the communal copier\/ printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing policy by the year's end. <br \/>\r<br>Richard expressed his concerns to his grandfather, who agreed, that updating data storage, data security, and an overall approach to increasing the protection of personal data in all facets is necessary Mr. McAdams granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following day, to get insight into how the office computer system is currently set-up and managed. <br \/>\r<br>Which of the following policy statements needs additional instructions in order to further protect the personal data of their clients?<\/div><input type='hidden' name='question_id[]' id='qID_27' value='342110' \/><input type='hidden' id='answerType342110' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342110[]' id='answer-id-1338325' class='answer   answerof-342110 ' value='1338325'   \/><label for='answer-id-1338325' id='answer-label-1338325' class=' answer'><span>All faxes sent from the office must be documented and the phone number used must be double checked to ensure a safe arrival.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342110[]' id='answer-id-1338326' class='answer   answerof-342110 ' value='1338326'   \/><label for='answer-id-1338326' id='answer-label-1338326' class=' answer'><span>All unused copies, prints, and faxes must be discarded in a designated recycling bin located near the work station and emptied daily.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342110[]' id='answer-id-1338327' class='answer   answerof-342110 ' value='1338327'   \/><label for='answer-id-1338327' id='answer-label-1338327' class=' answer'><span>Before any copiers, printers, or fax machines are replaced or resold, the hard drives of these devices must be deleted before leaving the office.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342110[]' id='answer-id-1338328' class='answer   answerof-342110 ' value='1338328'   \/><label for='answer-id-1338328' id='answer-label-1338328' class=' answer'><span>When sending a print job containing personal data, the user must not leave the information visible on the computer screen following the print command and must retrieve the printed document immediately.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-28' style=';'><div id='questionWrap-28'  class='   watupro-question-id-342111'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>28. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help run his aging grandfather's law practice. The elder McAdams desired a limited, lighter role in the practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and assesses the office's strategies for growth. <br \/>\r<br>Immediately upon arrival, Richard was amazed at the amount of work that needed to done in order to modernize the office, mostly in regard to the handling of clients' personal data. His first goal is to digitize all the records kept in file cabinets, as many of the documents contain personally identifiable financial and medical data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues unless a formal policy is firmly in place Richard is also concerned with the overuse of the communal copier\/ printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing policy by the year's end. <br \/>\r<br>Richard expressed his concerns to his grandfather, who agreed, that updating data storage, data security, and an overall approach to increasing the protection of personal data in all facets is necessary Mr. McAdams granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following day, to get insight into how the office computer system is currently set-up and managed. <br \/>\r<br>Richard needs to closely monitor the vendor in charge of creating the firm's database mainly because of what?<\/div><input type='hidden' name='question_id[]' id='qID_28' value='342111' \/><input type='hidden' id='answerType342111' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342111[]' id='answer-id-1338329' class='answer   answerof-342111 ' value='1338329'   \/><label for='answer-id-1338329' id='answer-label-1338329' class=' answer'><span>The vendor will be required to report any privacy violations to the appropriate authorities.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342111[]' id='answer-id-1338330' class='answer   answerof-342111 ' value='1338330'   \/><label for='answer-id-1338330' id='answer-label-1338330' class=' answer'><span>The vendor may not be aware of the privacy implications involved in the project.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342111[]' id='answer-id-1338331' class='answer   answerof-342111 ' value='1338331'   \/><label for='answer-id-1338331' id='answer-label-1338331' class=' answer'><span>The vendor may not be forthcoming about the vulnerabilities of the database.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342111[]' id='answer-id-1338332' class='answer   answerof-342111 ' value='1338332'   \/><label for='answer-id-1338332' id='answer-label-1338332' class=' answer'><span>The vendor will be in direct contact with all of the law firm's personal data.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-29' style=';'><div id='questionWrap-29'  class='   watupro-question-id-342112'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>29. <\/span>What should be the first major goal of a company developing a new privacy program?<\/div><input type='hidden' name='question_id[]' id='qID_29' value='342112' \/><input type='hidden' id='answerType342112' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342112[]' id='answer-id-1338333' class='answer   answerof-342112 ' value='1338333'   \/><label for='answer-id-1338333' id='answer-label-1338333' class=' answer'><span>To survey potential funding sources for privacy team resources.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342112[]' id='answer-id-1338334' class='answer   answerof-342112 ' value='1338334'   \/><label for='answer-id-1338334' id='answer-label-1338334' class=' answer'><span>To schedule conversations with executives of affected departments.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342112[]' id='answer-id-1338335' class='answer   answerof-342112 ' value='1338335'   \/><label for='answer-id-1338335' id='answer-label-1338335' class=' answer'><span>To identify potential third-party processors of the organization's information.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342112[]' id='answer-id-1338336' class='answer   answerof-342112 ' value='1338336'   \/><label for='answer-id-1338336' id='answer-label-1338336' class=' answer'><span>To create Data Lifecycle Management policies and procedures to limit data collection.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-30' style=';'><div id='questionWrap-30'  class='   watupro-question-id-342113'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>30. <\/span>Which is TRUE about the scope and authority of data protection oversight authorities?<\/div><input type='hidden' name='question_id[]' id='qID_30' value='342113' \/><input type='hidden' id='answerType342113' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342113[]' id='answer-id-1338337' class='answer   answerof-342113 ' value='1338337'   \/><label for='answer-id-1338337' id='answer-label-1338337' class=' answer'><span>The Office of the Privacy Commissioner (OPC) of Canada has the right to impose financial sanctions on violators.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342113[]' id='answer-id-1338338' class='answer   answerof-342113 ' value='1338338'   \/><label for='answer-id-1338338' id='answer-label-1338338' class=' answer'><span>All authority in the European Union rests with the Data Protection Commission (DPC).<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342113[]' id='answer-id-1338339' class='answer   answerof-342113 ' value='1338339'   \/><label for='answer-id-1338339' id='answer-label-1338339' class=' answer'><span>No one agency officially oversees the enforcement of privacy regulations in the United States.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342113[]' id='answer-id-1338340' class='answer   answerof-342113 ' value='1338340'   \/><label for='answer-id-1338340' id='answer-label-1338340' class=' answer'><span>The Asia-Pacific Economic Cooperation (APEC) Privacy Frameworks require all member nations to designate a national data protection authority.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-31' style=';'><div id='questionWrap-31'  class='   watupro-question-id-342114'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>31. <\/span>What should a privacy professional keep in mind when selecting which metrics to collect?<\/div><input type='hidden' name='question_id[]' id='qID_31' value='342114' \/><input type='hidden' id='answerType342114' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342114[]' id='answer-id-1338341' class='answer   answerof-342114 ' value='1338341'   \/><label for='answer-id-1338341' id='answer-label-1338341' class=' answer'><span>Metrics should be reported to the public.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342114[]' id='answer-id-1338342' class='answer   answerof-342114 ' value='1338342'   \/><label for='answer-id-1338342' id='answer-label-1338342' class=' answer'><span>The number of metrics should be limited at first.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342114[]' id='answer-id-1338343' class='answer   answerof-342114 ' value='1338343'   \/><label for='answer-id-1338343' id='answer-label-1338343' class=' answer'><span>Metrics should reveal strategies for increasing company earnings.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342114[]' id='answer-id-1338344' class='answer   answerof-342114 ' value='1338344'   \/><label for='answer-id-1338344' id='answer-label-1338344' class=' answer'><span>A variety of metrics should be collected before determining their specific functions.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-32' style=';'><div id='questionWrap-32'  class='   watupro-question-id-342115'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>32. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Amira is thrilled about the sudden expansion of NatGen. As the joint Chief Executive Officer (CEO) with her long-time business partner Sadie, Amira has watched the company grow into a major competitor in the green energy market. The current line of products includes wind turbines, solar energy panels, and equipment for geothermal systems. A talented team of developers means that NatGen's line of products will only continue to grow. <br \/>\r<br>With the expansion, Amira and Sadie have received advice from new senior staff members brought on to help manage the company's growth. One recent suggestion has been to combine the legal and security functions of the company to ensure observance of privacy laws and the company's own privacy policy. This sounds overly complicated to Amira, who wants departments to be able to use, collect, store, and dispose of customer data in ways that will best suit their needs. She does not want administrative oversight and complex structuring to get in the way of people doing innovative work. <br \/>\r<br>Sadie has a similar outlook. The new Chief Information Officer (CIO) has proposed what Sadie believes is an unnecessarily long timetable for designing a new privacy program. She has assured him that NatGen will use the best possible equipment for electronic storage of customer and employee data. She simply needs a list of equipment and an estimate of its cost. But the CIO insists that many issues are necessary to consider before the company gets to that stage. <br \/>\r<br>Regardless, Sadie and Amira insist on giving employees space to do their jobs. Both CEOs want to entrust the monitoring of employee policy compliance to low-level managers. Amira and Sadie believe these managers can adjust the company privacy policy according to what works best for their particular departments. NatGen's CEOs know that flexible interpretations of the privacy policy in the name of promoting green energy would be highly unlikely to raise any concerns with their customer base, as long as the data is always used in course of normal business activities. <br \/>\r<br>Perhaps what has been most perplexing to Sadie and Amira has been the CIO's recommendation to institute a privacy compliance hotline. Sadie and Amira have relented on this point, but they hope to compromise by allowing employees to take turns handling reports of privacy policy violations. The implementation will be easy because the employees need no special preparation. They will simply have to document any concerns they hear. <br \/>\r<br>Sadie and Amira are aware that it will be challenging to stay true to their principles and guard against corporate culture strangling creativity and employee morale. They hope that all senior staff will see the benefit of trying a unique approach. <br \/>\r<br>What Data Lifecycle Management (DLM) principle should the company follow if they end up allowing departments to interpret the privacy policy differently?<\/div><input type='hidden' name='question_id[]' id='qID_32' value='342115' \/><input type='hidden' id='answerType342115' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342115[]' id='answer-id-1338345' class='answer   answerof-342115 ' value='1338345'   \/><label for='answer-id-1338345' id='answer-label-1338345' class=' answer'><span>Prove the authenticity of the company's records.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342115[]' id='answer-id-1338346' class='answer   answerof-342115 ' value='1338346'   \/><label for='answer-id-1338346' id='answer-label-1338346' class=' answer'><span>Arrange for official credentials for staff members.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342115[]' id='answer-id-1338347' class='answer   answerof-342115 ' value='1338347'   \/><label for='answer-id-1338347' id='answer-label-1338347' class=' answer'><span>Adequately document reasons for inconsistencies.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342115[]' id='answer-id-1338348' class='answer   answerof-342115 ' value='1338348'   \/><label for='answer-id-1338348' id='answer-label-1338348' class=' answer'><span>Create categories to reflect degrees of data importance.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-33' style=';'><div id='questionWrap-33'  class='   watupro-question-id-342116'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>33. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Amira is thrilled about the sudden expansion of NatGen. As the joint Chief Executive Officer (CEO) with her long-time business partner Sadie, Amira has watched the company grow into a major competitor in the green energy market. The current line of products includes wind turbines, solar energy panels, and equipment for geothermal systems. A talented team of developers means that NatGen's line of products will only continue to grow. <br \/>\r<br>With the expansion, Amira and Sadie have received advice from new senior staff members brought on to help manage the company's growth. One recent suggestion has been to combine the legal and security functions of the company to ensure observance of privacy laws and the company's own privacy policy. This sounds overly complicated to Amira, who wants departments to be able to use, collect, store, and dispose of customer data in ways that will best suit their needs. She does not want administrative oversight and complex structuring to get in the way of people doing innovative work. <br \/>\r<br>Sadie has a similar outlook. The new Chief Information Officer (CIO) has proposed what Sadie believes is an unnecessarily long timetable for designing a new privacy program. She has assured him that NatGen will use the best possible equipment for electronic storage of customer and employee data. She simply needs a list of equipment and an estimate of its cost. But the CIO insists that many issues are necessary to consider before the company gets to that stage. <br \/>\r<br>Regardless, Sadie and Amira insist on giving employees space to do their jobs. Both CEOs want to entrust the monitoring of employee policy compliance to low-level managers. Amira and Sadie believe these managers can adjust the company privacy policy according to what works best for their particular departments. NatGen's CEOs know that flexible interpretations of the privacy policy in the name of promoting green energy would be highly unlikely to raise any concerns with their customer base, as long as the data is always used in course of normal business activities. <br \/>\r<br>Perhaps what has been most perplexing to Sadie and Amira has been the CIO's recommendation to institute a privacy compliance hotline. Sadie and Amira have relented on this point, but they hope to compromise by allowing employees to take turns handling reports of privacy policy violations. The implementation will be easy because the employees need no special preparation. They will simply have to document any concerns they hear. <br \/>\r<br>Sadie and Amira are aware that it will be challenging to stay true to their principles and guard against corporate culture strangling creativity and employee morale. They hope that all senior staff will see the benefit of trying a unique approach. <br \/>\r<br>What is the most likely reason the Chief Information Officer (CIO) believes that generating a list of needed IT equipment is NOT adequate?<\/div><input type='hidden' name='question_id[]' id='qID_33' value='342116' \/><input type='hidden' id='answerType342116' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342116[]' id='answer-id-1338349' class='answer   answerof-342116 ' value='1338349'   \/><label for='answer-id-1338349' id='answer-label-1338349' class=' answer'><span>The company needs to have policies and procedures in place to guide the purchasing decisions.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342116[]' id='answer-id-1338350' class='answer   answerof-342116 ' value='1338350'   \/><label for='answer-id-1338350' id='answer-label-1338350' class=' answer'><span>The privacy notice for customers and the Business Continuity Plan (BCP) still need to be reviewed.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342116[]' id='answer-id-1338351' class='answer   answerof-342116 ' value='1338351'   \/><label for='answer-id-1338351' id='answer-label-1338351' class=' answer'><span>Staff members across departments need time to review technical information concerning any new databases.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342116[]' id='answer-id-1338352' class='answer   answerof-342116 ' value='1338352'   \/><label for='answer-id-1338352' id='answer-label-1338352' class=' answer'><span>Senior staff members need to first commit to adopting a minimum number of Privacy Enhancing Technologies (PETs).<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-34' style=';'><div id='questionWrap-34'  class='   watupro-question-id-342117'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>34. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Amira is thrilled about the sudden expansion of NatGen. As the joint Chief Executive Officer (CEO) with her long-time business partner Sadie, Amira has watched the company grow into a major competitor in the green energy market. The current line of products includes wind turbines, solar energy panels, and equipment for geothermal systems. A talented team of developers means that NatGen's line of products will only continue to grow. <br \/>\r<br>With the expansion, Amira and Sadie have received advice from new senior staff members brought on to help manage the company's growth. One recent suggestion has been to combine the legal and security functions of the company to ensure observance of privacy laws and the company's own privacy policy. This sounds overly complicated to Amira, who wants departments to be able to use, collect, store, and dispose of customer data in ways that will best suit their needs. She does not want administrative oversight and complex structuring to get in the way of people doing innovative work. <br \/>\r<br>Sadie has a similar outlook. The new Chief Information Officer (CIO) has proposed what Sadie believes is an unnecessarily long timetable for designing a new privacy program. She has assured him that NatGen will use the best possible equipment for electronic storage of customer and employee data. She simply needs a list of equipment and an estimate of its cost. But the CIO insists that many issues are necessary to consider before the company gets to that stage. <br \/>\r<br>Regardless, Sadie and Amira insist on giving employees space to do their jobs. Both CEOs want to entrust the monitoring of employee policy compliance to low-level managers. Amira and Sadie believe these managers can adjust the company privacy policy according to what works best for their particular departments. NatGen's CEOs know that flexible interpretations of the privacy policy in the name of promoting green energy would be highly unlikely to raise any concerns with their customer base, as long as the data is always used in course of normal business activities. <br \/>\r<br>Perhaps what has been most perplexing to Sadie and Amira has been the CIO's recommendation to institute a privacy compliance hotline. Sadie and Amira have relented on this point, but they hope to compromise by allowing employees to take turns handling reports of privacy policy violations. The implementation will be easy because the employees need no special preparation. They will simply have to document any concerns they hear. <br \/>\r<br>Sadie and Amira are aware that it will be challenging to stay true to their principles and guard against corporate culture strangling creativity and employee morale. They hope that all senior staff will see the benefit of trying a unique approach. <br \/>\r<br>If Amira and Sadie's ideas about adherence to the company's privacy policy go unchecked, the Federal Communications Commission (FCC) could potentially take action against NatGen for what?<\/div><input type='hidden' name='question_id[]' id='qID_34' value='342117' \/><input type='hidden' id='answerType342117' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342117[]' id='answer-id-1338353' class='answer   answerof-342117 ' value='1338353'   \/><label for='answer-id-1338353' id='answer-label-1338353' class=' answer'><span>Deceptive practices.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342117[]' id='answer-id-1338354' class='answer   answerof-342117 ' value='1338354'   \/><label for='answer-id-1338354' id='answer-label-1338354' class=' answer'><span>Failing to institute the hotline.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342117[]' id='answer-id-1338355' class='answer   answerof-342117 ' value='1338355'   \/><label for='answer-id-1338355' id='answer-label-1338355' class=' answer'><span>Failure to notify of processing.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342117[]' id='answer-id-1338356' class='answer   answerof-342117 ' value='1338356'   \/><label for='answer-id-1338356' id='answer-label-1338356' class=' answer'><span>Negligence in consistent training.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-35' style=';'><div id='questionWrap-35'  class='   watupro-question-id-342118'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>35. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Amira is thrilled about the sudden expansion of NatGen. As the joint Chief Executive Officer (CEO) with her long-time business partner Sadie, Amira has watched the company grow into a major competitor in the green energy market. The current line of products includes wind turbines, solar <br \/>\r<br>energy panels, and equipment for geothermal systems. A talented team of developers means that NatGen's line of products will only continue to grow. <br \/>\r<br>With the expansion, Amira and Sadie have received advice from new senior staff members brought on to help manage the company's growth. One recent suggestion has been to combine the legal and security functions of the company to ensure observance of privacy laws and the company's own privacy policy. This sounds overly complicated to Amira, who wants departments to be able to use, collect, store, and dispose of customer data in ways that will best suit their needs. She does not want administrative oversight and complex structuring to get in the way of people doing innovative work. <br \/>\r<br>Sadie has a similar outlook. The new Chief Information Officer (CIO) has proposed what Sadie believes is an unnecessarily long timetable for designing a new privacy program. She has assured him that NatGen will use the best possible equipment for electronic storage of customer and employee data. She simply needs a list of equipment and an estimate of its cost. But the CIO insists that many issues are necessary to consider before the company gets to that stage. <br \/>\r<br>Regardless, Sadie and Amira insist on giving employees space to do their jobs. Both CEOs want to entrust the monitoring of employee policy compliance to low-level managers. Amira and Sadie believe these managers can adjust the company privacy policy according to what works best for their particular departments. NatGen's CEOs know that flexible interpretations of the privacy policy in the name of promoting green energy would be highly unlikely to raise any concerns with their customer base, as long as the data is always used in course of normal business activities. <br \/>\r<br>Perhaps what has been most perplexing to Sadie and Amira has been the CIO's recommendation to institute a privacy compliance hotline. Sadie and Amira have relented on this point, but they hope to compromise by allowing employees to take turns handling reports of privacy policy violations. The implementation will be easy because the employees need no special preparation. They will simply have to document any concerns they hear. <br \/>\r<br>Sadie and Amira are aware that it will be challenging to stay true to their principles and guard against corporate culture strangling creativity and employee morale. They hope that all senior staff will see the benefit of trying a unique approach. <br \/>\r<br>Based on the scenario, what additional change will increase the effectiveness of the privacy compliance hotline?<\/div><input type='hidden' name='question_id[]' id='qID_35' value='342118' \/><input type='hidden' id='answerType342118' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342118[]' id='answer-id-1338357' class='answer   answerof-342118 ' value='1338357'   \/><label for='answer-id-1338357' id='answer-label-1338357' class=' answer'><span>Outsourcing the hotline.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342118[]' id='answer-id-1338358' class='answer   answerof-342118 ' value='1338358'   \/><label for='answer-id-1338358' id='answer-label-1338358' class=' answer'><span>A system for staff education.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342118[]' id='answer-id-1338359' class='answer   answerof-342118 ' value='1338359'   \/><label for='answer-id-1338359' id='answer-label-1338359' class=' answer'><span>Strict communication channels.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342118[]' id='answer-id-1338360' class='answer   answerof-342118 ' value='1338360'   \/><label for='answer-id-1338360' id='answer-label-1338360' class=' answer'><span>An ethics complaint department.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-36' style=';'><div id='questionWrap-36'  class='   watupro-question-id-342119'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>36. <\/span>If an organization maintains a separate ethics office, to whom would its officer typically report to in order to retain the greatest degree of independence?<\/div><input type='hidden' name='question_id[]' id='qID_36' value='342119' \/><input type='hidden' id='answerType342119' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342119[]' id='answer-id-1338361' class='answer   answerof-342119 ' value='1338361'   \/><label for='answer-id-1338361' id='answer-label-1338361' class=' answer'><span>The Board of Directors.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342119[]' id='answer-id-1338362' class='answer   answerof-342119 ' value='1338362'   \/><label for='answer-id-1338362' id='answer-label-1338362' class=' answer'><span>The Chief Financial Officer.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342119[]' id='answer-id-1338363' class='answer   answerof-342119 ' value='1338363'   \/><label for='answer-id-1338363' id='answer-label-1338363' class=' answer'><span>The Human Resources Director.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342119[]' id='answer-id-1338364' class='answer   answerof-342119 ' value='1338364'   \/><label for='answer-id-1338364' id='answer-label-1338364' class=' answer'><span>The organization's General Counsel.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-37' style=';'><div id='questionWrap-37'  class='   watupro-question-id-342120'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>37. <\/span>What is a key feature of the privacy metric template adapted from the National Institute of Standards and Technology (NIST)?<\/div><input type='hidden' name='question_id[]' id='qID_37' value='342120' \/><input type='hidden' id='answerType342120' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342120[]' id='answer-id-1338365' class='answer   answerof-342120 ' value='1338365'   \/><label for='answer-id-1338365' id='answer-label-1338365' class=' answer'><span>It provides suggestions about how to collect and measure data.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342120[]' id='answer-id-1338366' class='answer   answerof-342120 ' value='1338366'   \/><label for='answer-id-1338366' id='answer-label-1338366' class=' answer'><span>It can be tailored to an organization's particular needs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342120[]' id='answer-id-1338367' class='answer   answerof-342120 ' value='1338367'   \/><label for='answer-id-1338367' id='answer-label-1338367' class=' answer'><span>It is updated annually to reflect changes in government policy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342120[]' id='answer-id-1338368' class='answer   answerof-342120 ' value='1338368'   \/><label for='answer-id-1338368' id='answer-label-1338368' class=' answer'><span>It is focused on organizations that do business internationally.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-38' style=';'><div id='questionWrap-38'  class='   watupro-question-id-342121'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>38. <\/span>What United States federal law requires financial institutions to declare their personal data collection practices?<\/div><input type='hidden' name='question_id[]' id='qID_38' value='342121' \/><input type='hidden' id='answerType342121' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342121[]' id='answer-id-1338369' class='answer   answerof-342121 ' value='1338369'   \/><label for='answer-id-1338369' id='answer-label-1338369' class=' answer'><span>The Kennedy-Hatch Disclosure Act of 1997.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342121[]' id='answer-id-1338370' class='answer   answerof-342121 ' value='1338370'   \/><label for='answer-id-1338370' id='answer-label-1338370' class=' answer'><span>The Gramm-Leach-Bliley Act of 1999.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342121[]' id='answer-id-1338371' class='answer   answerof-342121 ' value='1338371'   \/><label for='answer-id-1338371' id='answer-label-1338371' class=' answer'><span>SUPCLA, or the federal Superprivacy Act of 2001.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342121[]' id='answer-id-1338372' class='answer   answerof-342121 ' value='1338372'   \/><label for='answer-id-1338372' id='answer-label-1338372' class=' answer'><span>The Financial Portability and Accountability Act of 2006.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-39' style=';'><div id='questionWrap-39'  class='   watupro-question-id-342122'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>39. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your accomplishments so far. Your hiring was precipitated by warnings from regulatory agencies following a series of relatively minor data breaches that could easily have been worse. However, you have not had a reportable incident for the three years that you have been with the company. In fact, you consider your program a model that others in the data storage industry may note in their own program development. <br \/>\r<br>You started the program at Consolidated from a jumbled mix of policies and procedures and worked toward coherence across departments and throughout operations. You were aided along the way by the program's sponsor, the vice president of operations, as well as by a Privacy Team that started from a clear understanding of the need for change. <br \/>\r<br>Initially, your work was greeted with little confidence or enthusiasm by the company's &quot;old guard&quot; among both the executive team and frontline personnel working with data and interfacing with clients. Through the use of metrics that showed the costs not only of the breaches that had occurred, but also projections of the costs that easily could occur given the current state of operations, you soon had the leaders and key decision-makers largely on your side. Many of the other employees were more resistant, but face-to-face meetings with each department and the development of a baseline privacy training program achieved sufficient &quot;buy-in&quot; to begin putting the proper procedures into place. <br \/>\r<br>Now, privacy protection is an accepted component of all current operations involving personal or protected data and must be part of the end product of any process of technological development. <br \/>\r<br>While your approach is not systematic, it is fairly effective. <br \/>\r<br>You are left contemplating: <br \/>\r<br>What must be done to maintain the program and develop it beyond just a data breach prevention program? <br \/>\r<br>How can you build on your success? <br \/>\r<br>What are the next action steps? <br \/>\r<br>Which of the following would be most effectively used as a guide to a systems approach to implementing data protection?<\/div><input type='hidden' name='question_id[]' id='qID_39' value='342122' \/><input type='hidden' id='answerType342122' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342122[]' id='answer-id-1338373' class='answer   answerof-342122 ' value='1338373'   \/><label for='answer-id-1338373' id='answer-label-1338373' class=' answer'><span>Data Lifecycle Management Standards.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342122[]' id='answer-id-1338374' class='answer   answerof-342122 ' value='1338374'   \/><label for='answer-id-1338374' id='answer-label-1338374' class=' answer'><span>United Nations Privacy Agency Standards.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342122[]' id='answer-id-1338375' class='answer   answerof-342122 ' value='1338375'   \/><label for='answer-id-1338375' id='answer-label-1338375' class=' answer'><span>International Organization for Standardization 9000 Series.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342122[]' id='answer-id-1338376' class='answer   answerof-342122 ' value='1338376'   \/><label for='answer-id-1338376' id='answer-label-1338376' class=' answer'><span>International Organization for Standardization 27000 Series.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-40' style=';'><div id='questionWrap-40'  class='   watupro-question-id-342123'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>40. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your accomplishments so far. Your hiring was precipitated by warnings from regulatory agencies following a series of relatively minor data breaches that could easily have been worse. However, you have not had a reportable incident for the three years that you have been with the company. In fact, you consider your program a model that others in the data storage industry may note in their own program development. <br \/>\r<br>You started the program at Consolidated from a jumbled mix of policies and procedures and worked toward coherence across departments and throughout operations. You were aided along the way by the program's sponsor, the vice president of operations, as well as by a Privacy Team that started from a clear understanding of the need for change. <br \/>\r<br>Initially, your work was greeted with little confidence or enthusiasm by the company's &quot;old guard&quot; among both the executive team and frontline personnel working with data and interfacing with clients. Through the use of metrics that showed the costs not only of the breaches that had occurred, but also projections of the costs that easily could occur given the current state of operations, you soon had the leaders and key decision-makers largely on your side. Many of the other employees were more resistant, but face-to-face meetings with each department and the development of a baseline privacy training program achieved sufficient &quot;buy-in&quot; to begin putting the proper procedures into place. <br \/>\r<br>Now, privacy protection is an accepted component of all current operations involving personal or protected data and must be part of the end product of any process of technological development. While your approach is not systematic, it is fairly effective. <br \/>\r<br>You are left contemplating: <br \/>\r<br>What must be done to maintain the program and develop it beyond just a data breach prevention <br \/>\r<br>program? How can you build on your success? <br \/>\r<br>What are the next action steps? <br \/>\r<br>How can Consolidated's privacy training program best be further developed?<\/div><input type='hidden' name='question_id[]' id='qID_40' value='342123' \/><input type='hidden' id='answerType342123' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342123[]' id='answer-id-1338377' class='answer   answerof-342123 ' value='1338377'   \/><label for='answer-id-1338377' id='answer-label-1338377' class=' answer'><span>Through targeted curricula designed for specific departments.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342123[]' id='answer-id-1338378' class='answer   answerof-342123 ' value='1338378'   \/><label for='answer-id-1338378' id='answer-label-1338378' class=' answer'><span>By adopting e-learning to reduce the need for instructors.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342123[]' id='answer-id-1338379' class='answer   answerof-342123 ' value='1338379'   \/><label for='answer-id-1338379' id='answer-label-1338379' class=' answer'><span>By using industry standard off-the-shelf programs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342123[]' id='answer-id-1338380' class='answer   answerof-342123 ' value='1338380'   \/><label for='answer-id-1338380' id='answer-label-1338380' class=' answer'><span>Through a review of recent data breaches.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-41' style=';'><div id='questionWrap-41'  class='   watupro-question-id-342124'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>41. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your accomplishments so far. Your hiring was precipitated by warnings from regulatory agencies following a series of relatively minor data breaches that could easily have been worse. However, you have not had a reportable incident for the three years that you have been with the company. In fact, you consider your program a model that others in the data storage industry may note in their own program development. <br \/>\r<br>You started the program at Consolidated from a jumbled mix of policies and procedures and worked toward coherence across departments and throughout operations. You were aided along the way by the program's sponsor, the vice president of operations, as well as by a Privacy Team that started from a clear understanding of the need for change. <br \/>\r<br>Initially, your work was greeted with little confidence or enthusiasm by the company's &quot;old guard&quot; among both the executive team and frontline personnel working with data and interfacing with clients. Through the use of metrics that showed the costs not only of the breaches that had occurred, but also projections of the costs that easily could occur given the current state of operations, you soon had the leaders and key decision-makers largely on your side. Many of the other employees were more resistant, but face-to-face meetings with each department and the development of a baseline privacy training program achieved sufficient &quot;buy-in&quot; to begin putting the proper procedures into place. <br \/>\r<br>Now, privacy protection is an accepted component of all current operations involving personal or protected data and must be part of the end product of any process of technological development. While your approach is not systematic, it is fairly effective. <br \/>\r<br>You are left contemplating: <br \/>\r<br>What must be done to maintain the program and develop it beyond just a data breach prevention program? How can you build on your success? <br \/>\r<br>What are the next action steps? <br \/>\r<br>What stage of the privacy operational life cycle best describes Consolidated's current privacy program?<\/div><input type='hidden' name='question_id[]' id='qID_41' value='342124' \/><input type='hidden' id='answerType342124' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342124[]' id='answer-id-1338381' class='answer   answerof-342124 ' value='1338381'   \/><label for='answer-id-1338381' id='answer-label-1338381' class=' answer'><span>Assess.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342124[]' id='answer-id-1338382' class='answer   answerof-342124 ' value='1338382'   \/><label for='answer-id-1338382' id='answer-label-1338382' class=' answer'><span>Protect.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342124[]' id='answer-id-1338383' class='answer   answerof-342124 ' value='1338383'   \/><label for='answer-id-1338383' id='answer-label-1338383' class=' answer'><span>Respond.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342124[]' id='answer-id-1338384' class='answer   answerof-342124 ' value='1338384'   \/><label for='answer-id-1338384' id='answer-label-1338384' class=' answer'><span>Sustain.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-42' style=';'><div id='questionWrap-42'  class='   watupro-question-id-342125'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>42. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your accomplishments so far. Your hiring was precipitated by warnings from regulatory agencies following a series of relatively minor data breaches that could easily have been worse. However, you have not had a reportable incident for the three years that you have been with the company. In fact, you consider your program a model that others in the data storage industry may note in their own program development. <br \/>\r<br>You started the program at Consolidated from a jumbled mix of policies and procedures and worked toward coherence across departments and throughout operations. You were aided along the way by the program's sponsor, the vice president of operations, as well as by a Privacy Team that started from a clear understanding of the need for change. <br \/>\r<br>Initially, your work was greeted with little confidence or enthusiasm by the company's &quot;old guard&quot; among both the executive team and frontline personnel working with data and interfacing with clients. Through the use of metrics that showed the costs not only of the breaches that had occurred, but also projections of the costs that easily could occur given the current state of operations, you soon had the leaders and key decision-makers largely on your side. Many of the other employees were more resistant, but face-to-face meetings with each department and the development of a baseline privacy training program achieved sufficient &quot;buy-in&quot; to begin putting the proper procedures into place. <br \/>\r<br>Now, privacy protection is an accepted component of all current operations involving personal or protected data and must be part of the end product of any process of technological development. While your approach is not systematic, it is fairly effective. <br \/>\r<br>You are left contemplating: <br \/>\r<br>What must be done to maintain the program and develop it beyond just a data breach prevention program? How can you build on your success? <br \/>\r<br>What are the next action steps? <br \/>\r<br>What practice would afford the Director the most rigorous way to check on the program's compliance with laws, regulations and industry best practices?<\/div><input type='hidden' name='question_id[]' id='qID_42' value='342125' \/><input type='hidden' id='answerType342125' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342125[]' id='answer-id-1338385' class='answer   answerof-342125 ' value='1338385'   \/><label for='answer-id-1338385' id='answer-label-1338385' class=' answer'><span>Auditing.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342125[]' id='answer-id-1338386' class='answer   answerof-342125 ' value='1338386'   \/><label for='answer-id-1338386' id='answer-label-1338386' class=' answer'><span>Monitoring.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342125[]' id='answer-id-1338387' class='answer   answerof-342125 ' value='1338387'   \/><label for='answer-id-1338387' id='answer-label-1338387' class=' answer'><span>Assessment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342125[]' id='answer-id-1338388' class='answer   answerof-342125 ' value='1338388'   \/><label for='answer-id-1338388' id='answer-label-1338388' class=' answer'><span>Forensics.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-43' style=';'><div id='questionWrap-43'  class='   watupro-question-id-342126'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>43. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your accomplishments so far. Your hiring was precipitated by warnings from regulatory agencies following a series of relatively minor data breaches that could easily have been worse. However, you have not had a reportable incident for the three years that you have been with the company. In fact, you consider your program a model that others in the data storage industry may note in their own program development. <br \/>\r<br>You started the program at Consolidated from a jumbled mix of policies and procedures and worked toward coherence across departments and throughout operations. You were aided along the way by the program's sponsor, the vice president of operations, as well as by a Privacy Team that started from a clear understanding of the need for change. <br \/>\r<br>Initially, your work was greeted with little confidence or enthusiasm by the company's &quot;old guard&quot; among both the executive team and frontline personnel working with data and interfacing with clients. Through the use of metrics that showed the costs not only of the breaches that had occurred, but also projections of the costs that easily could occur given the current state of operations, you soon had the leaders and key decision-makers largely on your side. Many of the other employees were more resistant, but face-to-face meetings with each department and the development of a baseline privacy training program achieved sufficient &quot;buy-in&quot; to begin putting the proper procedures into place. <br \/>\r<br>Now, privacy protection is an accepted component of all current operations involving personal or protected data and must be part of the end product of any process of technological development. While your approach is not systematic, it is fairly effective. <br \/>\r<br>You are left contemplating: <br \/>\r<br>What must be done to maintain the program and develop it beyond just a data breach prevention program? How can you build on your success? <br \/>\r<br>What are the next action steps? <br \/>\r<br>What analytic can be used to track the financial viability of the program as it develops?<\/div><input type='hidden' name='question_id[]' id='qID_43' value='342126' \/><input type='hidden' id='answerType342126' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342126[]' id='answer-id-1338389' class='answer   answerof-342126 ' value='1338389'   \/><label for='answer-id-1338389' id='answer-label-1338389' class=' answer'><span>Cost basis.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342126[]' id='answer-id-1338390' class='answer   answerof-342126 ' value='1338390'   \/><label for='answer-id-1338390' id='answer-label-1338390' class=' answer'><span>Gap analysis.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342126[]' id='answer-id-1338391' class='answer   answerof-342126 ' value='1338391'   \/><label for='answer-id-1338391' id='answer-label-1338391' class=' answer'><span>Return to investment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342126[]' id='answer-id-1338392' class='answer   answerof-342126 ' value='1338392'   \/><label for='answer-id-1338392' id='answer-label-1338392' class=' answer'><span>Breach impact modeling.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-44' style=';'><div id='questionWrap-44'  class='   watupro-question-id-342127'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>44. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your accomplishments so far. Your hiring was precipitated by warnings from regulatory agencies following a series of relatively minor data breaches that could easily have been worse. However, you have not had a reportable incident for the three years that you have been with the company. In fact, you consider your program a model that others in the data storage industry may note in their own program development. <br \/>\r<br>You started the program at Consolidated from a jumbled mix of policies and procedures and worked toward coherence across departments and throughout operations. You were aided along the way by the program's sponsor, the vice president of operations, as well as by a Privacy Team that started <br \/>\r<br>from a clear understanding of the need for change. <br \/>\r<br>Initially, your work was greeted with little confidence or enthusiasm by the company's &quot;old guard&quot; among both the executive team and frontline personnel working with data and interfacing with clients. Through the use of metrics that showed the costs not only of the breaches that had occurred, but also projections of the costs that easily could occur given the current state of operations, you soon had the leaders and key decision-makers largely on your side. Many of the other employees were more resistant, but face-to-face meetings with each department and the development of a baseline privacy training program achieved sufficient &quot;buy-in&quot; to begin putting the proper procedures into place. <br \/>\r<br>Now, privacy protection is an accepted component of all current operations involving personal or protected data and must be part of the end product of any process of technological development. While your approach is not systematic, it is fairly effective. <br \/>\r<br>You are left contemplating: <br \/>\r<br>What must be done to maintain the program and develop it beyond just a data breach prevention program? How can you build on your success? <br \/>\r<br>What are the next action steps? <br \/>\r<br>What process could most effectively be used to add privacy protections to a new, comprehensive program being developed at Consolidated?<\/div><input type='hidden' name='question_id[]' id='qID_44' value='342127' \/><input type='hidden' id='answerType342127' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342127[]' id='answer-id-1338393' class='answer   answerof-342127 ' value='1338393'   \/><label for='answer-id-1338393' id='answer-label-1338393' class=' answer'><span>Privacy by Design.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342127[]' id='answer-id-1338394' class='answer   answerof-342127 ' value='1338394'   \/><label for='answer-id-1338394' id='answer-label-1338394' class=' answer'><span>Privacy Step Assessment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342127[]' id='answer-id-1338395' class='answer   answerof-342127 ' value='1338395'   \/><label for='answer-id-1338395' id='answer-label-1338395' class=' answer'><span>Information Security Planning.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342127[]' id='answer-id-1338396' class='answer   answerof-342127 ' value='1338396'   \/><label for='answer-id-1338396' id='answer-label-1338396' class=' answer'><span>Innovation Privacy Standards.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-45' style=';'><div id='questionWrap-45'  class='   watupro-question-id-342128'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>45. <\/span>Which of the following indicates you have developed the right privacy framework for your organization?<\/div><input type='hidden' name='question_id[]' id='qID_45' value='342128' \/><input type='hidden' id='answerType342128' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342128[]' id='answer-id-1338397' class='answer   answerof-342128 ' value='1338397'   \/><label for='answer-id-1338397' id='answer-label-1338397' class=' answer'><span>It includes a privacy assessment of each major system.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342128[]' id='answer-id-1338398' class='answer   answerof-342128 ' value='1338398'   \/><label for='answer-id-1338398' id='answer-label-1338398' class=' answer'><span>It improves the consistency of the privacy program.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342128[]' id='answer-id-1338399' class='answer   answerof-342128 ' value='1338399'   \/><label for='answer-id-1338399' id='answer-label-1338399' class=' answer'><span>It works at a different type of organization.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342128[]' id='answer-id-1338400' class='answer   answerof-342128 ' value='1338400'   \/><label for='answer-id-1338400' id='answer-label-1338400' class=' answer'><span>It identifies all key stakeholders by name.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-46' style=';'><div id='questionWrap-46'  class='   watupro-question-id-342129'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>46. <\/span>Rationalizing requirements in order to comply with the various privacy requirements required by applicable law and regulation does NOT include which of the following?<\/div><input type='hidden' name='question_id[]' id='qID_46' value='342129' \/><input type='hidden' id='answerType342129' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342129[]' id='answer-id-1338401' class='answer   answerof-342129 ' value='1338401'   \/><label for='answer-id-1338401' id='answer-label-1338401' class=' answer'><span>Harmonizing shared obligations and privacy rights across varying legislation and\/or regulators.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342129[]' id='answer-id-1338402' class='answer   answerof-342129 ' value='1338402'   \/><label for='answer-id-1338402' id='answer-label-1338402' class=' answer'><span>Implementing a solution that significantly addresses shared obligations and privacy rights.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342129[]' id='answer-id-1338403' class='answer   answerof-342129 ' value='1338403'   \/><label for='answer-id-1338403' id='answer-label-1338403' class=' answer'><span>Applying the strictest standard for obligations and privacy rights that doesn't violate privacy laws elsewhere.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342129[]' id='answer-id-1338404' class='answer   answerof-342129 ' value='1338404'   \/><label for='answer-id-1338404' id='answer-label-1338404' class=' answer'><span>Addressing requirements that fall outside the common obligations and rights (outliers) on a case-by-case basis.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-47' style=';'><div id='questionWrap-47'  class='   watupro-question-id-342130'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>47. <\/span>What is the name for the privacy strategy model that describes delegated decision making?<\/div><input type='hidden' name='question_id[]' id='qID_47' value='342130' \/><input type='hidden' id='answerType342130' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342130[]' id='answer-id-1338405' class='answer   answerof-342130 ' value='1338405'   \/><label for='answer-id-1338405' id='answer-label-1338405' class=' answer'><span>De-centralized.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342130[]' id='answer-id-1338406' class='answer   answerof-342130 ' value='1338406'   \/><label for='answer-id-1338406' id='answer-label-1338406' class=' answer'><span>De-functionalized.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342130[]' id='answer-id-1338407' class='answer   answerof-342130 ' value='1338407'   \/><label for='answer-id-1338407' id='answer-label-1338407' class=' answer'><span>Hybrid.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342130[]' id='answer-id-1338408' class='answer   answerof-342130 ' value='1338408'   \/><label for='answer-id-1338408' id='answer-label-1338408' class=' answer'><span>Matrix.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-48' style=';'><div id='questionWrap-48'  class='   watupro-question-id-342131'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>48. <\/span>Which of the following controls does the PCI DSS framework NOT require?<\/div><input type='hidden' name='question_id[]' id='qID_48' value='342131' \/><input type='hidden' id='answerType342131' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342131[]' id='answer-id-1338409' class='answer   answerof-342131 ' value='1338409'   \/><label for='answer-id-1338409' id='answer-label-1338409' class=' answer'><span>Implement strong asset control protocols.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342131[]' id='answer-id-1338410' class='answer   answerof-342131 ' value='1338410'   \/><label for='answer-id-1338410' id='answer-label-1338410' class=' answer'><span>Implement strong access control measures.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342131[]' id='answer-id-1338411' class='answer   answerof-342131 ' value='1338411'   \/><label for='answer-id-1338411' id='answer-label-1338411' class=' answer'><span>Maintain an information security policy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342131[]' id='answer-id-1338412' class='answer   answerof-342131 ' value='1338412'   \/><label for='answer-id-1338412' id='answer-label-1338412' class=' answer'><span>Maintain a vulnerability management program.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-49' style=';'><div id='questionWrap-49'  class='   watupro-question-id-342132'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>49. <\/span>Which of the following privacy frameworks are legally binding?<\/div><input type='hidden' name='question_id[]' id='qID_49' value='342132' \/><input type='hidden' id='answerType342132' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342132[]' id='answer-id-1338413' class='answer   answerof-342132 ' value='1338413'   \/><label for='answer-id-1338413' id='answer-label-1338413' class=' answer'><span>Binding Corporate Rules (BCRs).<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342132[]' id='answer-id-1338414' class='answer   answerof-342132 ' value='1338414'   \/><label for='answer-id-1338414' id='answer-label-1338414' class=' answer'><span>Generally Accepted Privacy Principles (GAPP).<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342132[]' id='answer-id-1338415' class='answer   answerof-342132 ' value='1338415'   \/><label for='answer-id-1338415' id='answer-label-1338415' class=' answer'><span>Asia-Pacific Economic Cooperation (APEC) Privacy Framework.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342132[]' id='answer-id-1338416' class='answer   answerof-342132 ' value='1338416'   \/><label for='answer-id-1338416' id='answer-label-1338416' class=' answer'><span>Organization for Economic Co-Operation and Development (OECD) Guidelines.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-50' style=';'><div id='questionWrap-50'  class='   watupro-question-id-342133'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>50. <\/span>Which of the following is an example of Privacy by Design (PbD)?<\/div><input type='hidden' name='question_id[]' id='qID_50' value='342133' \/><input type='hidden' id='answerType342133' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342133[]' id='answer-id-1338417' class='answer   answerof-342133 ' value='1338417'   \/><label for='answer-id-1338417' id='answer-label-1338417' class=' answer'><span>A company hires a professional to structure a privacy program that anticipates the increasing demands of new laws.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342133[]' id='answer-id-1338418' class='answer   answerof-342133 ' value='1338418'   \/><label for='answer-id-1338418' id='answer-label-1338418' class=' answer'><span>The human resources group develops a training program for employees to become certified in privacy policy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342133[]' id='answer-id-1338419' class='answer   answerof-342133 ' value='1338419'   \/><label for='answer-id-1338419' id='answer-label-1338419' class=' answer'><span>A labor union insists that the details of employers' data protection methods be documented in a new contract.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342133[]' id='answer-id-1338420' class='answer   answerof-342133 ' value='1338420'   \/><label for='answer-id-1338420' id='answer-label-1338420' class=' answer'><span>The information technology group uses privacy considerations to inform the development of new networking software.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-51' style=';'><div id='questionWrap-51'  class='   watupro-question-id-342134'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>51. <\/span>In regards to the collection of personal data conducted by an organization, what must the data subject be allowed to do?<\/div><input type='hidden' name='question_id[]' id='qID_51' value='342134' \/><input type='hidden' id='answerType342134' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342134[]' id='answer-id-1338421' class='answer   answerof-342134 ' value='1338421'   \/><label for='answer-id-1338421' id='answer-label-1338421' class=' answer'><span>Evaluate the qualifications of a third-party processor before any data is transferred to that processor.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342134[]' id='answer-id-1338422' class='answer   answerof-342134 ' value='1338422'   \/><label for='answer-id-1338422' id='answer-label-1338422' class=' answer'><span>Obtain a guarantee of prompt notification in instances involving unauthorized access of the data.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342134[]' id='answer-id-1338423' class='answer   answerof-342134 ' value='1338423'   \/><label for='answer-id-1338423' id='answer-label-1338423' class=' answer'><span>Set a time-limit as to how long the personal data may be stored by the organization.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342134[]' id='answer-id-1338424' class='answer   answerof-342134 ' value='1338424'   \/><label for='answer-id-1338424' id='answer-label-1338424' class=' answer'><span>Challenge the authenticity of the personal data and have it corrected if needed.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-52' style=';'><div id='questionWrap-52'  class='   watupro-question-id-342135'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>52. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>It's just what you were afraid of. Without consulting you, the information technology director at your organization launched a new initiative to encourage employees to use personal devices for conducting business. The initiative made purchasing a new, high-specification laptop computer an attractive option, with discounted laptops paid for as a payroll deduction spread over a year of paychecks. The organization is also paying the sales taxes. It's a great deal, and after a month, more than half the organization's employees have signed on and acquired new laptops. Walking through the facility, you see them happily customizing and comparing notes on their new computers, and at the end of the day, most take their laptops with them, potentially carrying personal data to their homes or other unknown locations. It's enough to give you data- protection nightmares, and you've pointed out to the information technology Director and many others in the organization the potential hazards of this new practice, including the inevitability of eventual data loss or theft. <br \/>\r<br>Today you have in your office a representative of the organization's marketing department who shares with you, reluctantly, a story with potentially serious consequences. The night before, straight from work, with laptop in hand, he went to the Bull and Horn Pub to play billiards with his friends. A fine night of sport and socializing began, with the laptop &quot;safely&quot; tucked on a bench, beneath his jacket. Later that night, when it was time to depart, he retrieved the jacket, but the laptop was gone. It was not beneath the bench or on another bench nearby. The waitstaff had not seen it. His friends were not playing a joke on him. After a sleepless night, he confirmed it this morning, stopping by the pub to talk to the cleanup crew. They had not found it. The laptop was missing. Stolen, it seems. He looks at you, embarrassed and upset. <br \/>\r<br>You ask him if the laptop contains any personal data from clients, and, sadly, he nods his head, yes. He believes it contains files on about 100 clients, including names, addresses and governmental identification numbers. He sighs and places his head in his hands in despair. <br \/>\r<br>Which is the best way to ensure that data on personal equipment is protected?<\/div><input type='hidden' name='question_id[]' id='qID_52' value='342135' \/><input type='hidden' id='answerType342135' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342135[]' id='answer-id-1338425' class='answer   answerof-342135 ' value='1338425'   \/><label for='answer-id-1338425' id='answer-label-1338425' class=' answer'><span>User risk training.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342135[]' id='answer-id-1338426' class='answer   answerof-342135 ' value='1338426'   \/><label for='answer-id-1338426' id='answer-label-1338426' class=' answer'><span>Biometric security.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342135[]' id='answer-id-1338427' class='answer   answerof-342135 ' value='1338427'   \/><label for='answer-id-1338427' id='answer-label-1338427' class=' answer'><span>Encryption of the data.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342135[]' id='answer-id-1338428' class='answer   answerof-342135 ' value='1338428'   \/><label for='answer-id-1338428' id='answer-label-1338428' class=' answer'><span>Frequent data backups.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-53' style=';'><div id='questionWrap-53'  class='   watupro-question-id-342136'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>53. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>It's just what you were afraid of. Without consulting you, the information technology director at your organization launched a new initiative to encourage employees to use personal devices for conducting business. The initiative made purchasing a new, high-specification laptop computer an attractive option, with discounted laptops paid for as a payroll deduction spread over a year of paychecks. The organization is also paying the sales taxes. It's a great deal, and after a month, more than half the organization's employees have signed on and acquired new laptops. Walking through the facility, you see them happily customizing and comparing notes on their new computers, and at the end of the day, most take their laptops with them, potentially carrying personal data to their homes or other unknown locations. It's enough to give you data- protection nightmares, and you've pointed out to the information technology Director and many others in the organization the potential hazards of this new practice, including the inevitability of eventual data loss or theft. <br \/>\r<br>Today you have in your office a representative of the organization's marketing department who shares with you, reluctantly, a story with potentially serious consequences. The night before, straight from work, with laptop in hand, he went to the Bull and Horn Pub to play billiards with his friends. A fine night of sport and socializing began, with the laptop &quot;safely&quot; tucked on a bench, beneath his jacket. Later that night, when it was time to depart, he retrieved the jacket, but the laptop was gone. It was not beneath the bench or on another bench nearby. The waitstaff had not seen it. His friends were not playing a joke on him. After a sleepless night, he confirmed it this morning, stopping by the pub to talk to the cleanup crew. They had not found it. The laptop was missing. Stolen, it seems. He looks at you, embarrassed and upset. <br \/>\r<br>You ask him if the laptop contains any personal data from clients, and, sadly, he nods his head, yes. He believes it contains files on about 100 clients, including names, addresses and governmental identification numbers. He sighs and places his head in his hands in despair. <br \/>\r<br>From a business standpoint, what is the most productive way to view employee use of personal equipment for work-related tasks?<\/div><input type='hidden' name='question_id[]' id='qID_53' value='342136' \/><input type='hidden' id='answerType342136' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342136[]' id='answer-id-1338429' class='answer   answerof-342136 ' value='1338429'   \/><label for='answer-id-1338429' id='answer-label-1338429' class=' answer'><span>The use of personal equipment is a cost-effective measure that leads to no greater security risks than are always present in a modern organization.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342136[]' id='answer-id-1338430' class='answer   answerof-342136 ' value='1338430'   \/><label for='answer-id-1338430' id='answer-label-1338430' class=' answer'><span>Any computer or other equipment is company property whenever it is used for company business.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342136[]' id='answer-id-1338431' class='answer   answerof-342136 ' value='1338431'   \/><label for='answer-id-1338431' id='answer-label-1338431' class=' answer'><span>While the company may not own the equipment, it is required to protect the business-related data on any equipment used by its employees.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342136[]' id='answer-id-1338432' class='answer   answerof-342136 ' value='1338432'   \/><label for='answer-id-1338432' id='answer-label-1338432' class=' answer'><span>The use of personal equipment must be reduced as it leads to inevitable security risks.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-54' style=';'><div id='questionWrap-54'  class='   watupro-question-id-342137'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>54. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>It's just what you were afraid of. Without consulting you, the information technology director at your organization launched a new initiative to encourage employees to use personal devices for conducting business. The initiative made purchasing a new, high-specification laptop computer an attractive option, with discounted laptops paid for as a payroll deduction spread over a year of paychecks. The organization is also paying the sales taxes. It's a great deal, and after a month, more than half the organization's employees have signed on and acquired new laptops. Walking through the facility, you see them happily customizing and comparing notes on their new computers, and at the end of the day, most take their laptops with them, potentially carrying personal data to their homes or other unknown locations. It's enough to give you data- protection nightmares, and you've pointed out to the information technology Director and many others in the organization the potential hazards of this new practice, including the inevitability of eventual data loss or theft. <br \/>\r<br>Today you have in your office a representative of the organization's marketing department who shares with you, reluctantly, a story with potentially serious consequences. The night before, straight from work, with laptop in hand, he went to the Bull and Horn Pub to play billiards with his friends. A fine night of sport and socializing began, with the laptop &quot;safely&quot; tucked on a bench, beneath his jacket. Later that night, when it was time to depart, he retrieved the jacket, but the laptop was gone. It was not beneath the bench or on another bench nearby. The waitstaff had not seen it. His friends were not playing a joke on him. After a sleepless night, he confirmed it this morning, stopping by the pub to talk to the cleanup crew. They had not found it. The laptop was missing. Stolen, it seems. He looks at you, embarrassed and upset. <br \/>\r<br>You ask him if the laptop contains any personal data from clients, and, sadly, he nods his head, yes. He believes it contains files on about 100 clients, including names, addresses and governmental identification numbers. He sighs and places his head in his hands in despair. <br \/>\r<br>In order to determine the best course of action, how should this incident most productively be viewed?<\/div><input type='hidden' name='question_id[]' id='qID_54' value='342137' \/><input type='hidden' id='answerType342137' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342137[]' id='answer-id-1338433' class='answer   answerof-342137 ' value='1338433'   \/><label for='answer-id-1338433' id='answer-label-1338433' class=' answer'><span>As the accidental loss of personal property containing data that must be restored.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342137[]' id='answer-id-1338434' class='answer   answerof-342137 ' value='1338434'   \/><label for='answer-id-1338434' id='answer-label-1338434' class=' answer'><span>As a potential compromise of personal information through unauthorized access.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342137[]' id='answer-id-1338435' class='answer   answerof-342137 ' value='1338435'   \/><label for='answer-id-1338435' id='answer-label-1338435' class=' answer'><span>As an incident that requires the abrupt initiation of a notification campaign.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342137[]' id='answer-id-1338436' class='answer   answerof-342137 ' value='1338436'   \/><label for='answer-id-1338436' id='answer-label-1338436' class=' answer'><span>As the premeditated theft of company data, until shown otherwise.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-55' style=';'><div id='questionWrap-55'  class='   watupro-question-id-342138'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>55. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>It's just what you were afraid of. Without consulting you, the information technology director at your organization launched a new initiative to encourage employees to use personal devices for conducting business. The initiative made purchasing a new, high-specification laptop computer an attractive option, with discounted laptops paid for as a payroll deduction spread over a year of paychecks. The organization is also paying the sales taxes. It's a great deal, and after a month, more than half the organization's employees have signed on and acquired new laptops. Walking through the facility, you see them happily customizing and comparing notes on their new computers, and at the end of the day, most take their laptops with them, potentially carrying personal data to their homes or other unknown locations. It's enough to give you data- protection nightmares, and you've pointed out to the information technology Director and many others in the organization the potential hazards of this new practice, including the inevitability of eventual data loss or theft. <br \/>\r<br>Today you have in your office a representative of the organization's marketing department who shares with you, reluctantly, a story with potentially serious consequences. The night before, straight from work, with laptop in hand, he went to the Bull and Horn Pub to play billiards with his friends. A fine night of sport and socializing began, with the laptop &quot;safely&quot; tucked on a bench, beneath his jacket. Later that night, when it was time to depart, he retrieved the jacket, but the laptop was gone. It was not beneath the bench or on another bench nearby. The waitstaff had not seen it. His friends were not playing a joke on him. After a sleepless night, he confirmed it this morning, stopping by the pub to talk to the cleanup crew. They had not found it. The laptop was missing. Stolen, it seems. He looks at you, embarrassed and upset. <br \/>\r<br>You ask him if the laptop contains any personal data from clients, and, sadly, he nods his head, yes. He believes it contains files on about 100 clients, including names, addresses and governmental identification numbers. He sighs and places his head in his hands in despair. <br \/>\r<br>What should you do first to ascertain additional information about the loss of data?<\/div><input type='hidden' name='question_id[]' id='qID_55' value='342138' \/><input type='hidden' id='answerType342138' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342138[]' id='answer-id-1338437' class='answer   answerof-342138 ' value='1338437'   \/><label for='answer-id-1338437' id='answer-label-1338437' class=' answer'><span>Interview the person reporting the incident following a standard protocol.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342138[]' id='answer-id-1338438' class='answer   answerof-342138 ' value='1338438'   \/><label for='answer-id-1338438' id='answer-label-1338438' class=' answer'><span>Call the police to investigate even if you are unsure a crime occurred.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342138[]' id='answer-id-1338439' class='answer   answerof-342138 ' value='1338439'   \/><label for='answer-id-1338439' id='answer-label-1338439' class=' answer'><span>Investigate the background of the person reporting the incident.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342138[]' id='answer-id-1338440' class='answer   answerof-342138 ' value='1338440'   \/><label for='answer-id-1338440' id='answer-label-1338440' class=' answer'><span>Check company records of the latest backups to see what data may be recoverable.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-56' style=';'><div id='questionWrap-56'  class='   watupro-question-id-342139'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>56. <\/span>Which is NOT an influence on the privacy environment external to an organization?<\/div><input type='hidden' name='question_id[]' id='qID_56' value='342139' \/><input type='hidden' id='answerType342139' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342139[]' id='answer-id-1338441' class='answer   answerof-342139 ' value='1338441'   \/><label for='answer-id-1338441' id='answer-label-1338441' class=' answer'><span>Management team priorities.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342139[]' id='answer-id-1338442' class='answer   answerof-342139 ' value='1338442'   \/><label for='answer-id-1338442' id='answer-label-1338442' class=' answer'><span>Regulations.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342139[]' id='answer-id-1338443' class='answer   answerof-342139 ' value='1338443'   \/><label for='answer-id-1338443' id='answer-label-1338443' class=' answer'><span>Consumer demand.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342139[]' id='answer-id-1338444' class='answer   answerof-342139 ' value='1338444'   \/><label for='answer-id-1338444' id='answer-label-1338444' class=' answer'><span>Technological advances.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-57' style=';'><div id='questionWrap-57'  class='   watupro-question-id-342140'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>57. <\/span>How are individual program needs and specific organizational goals identified in privacy framework development?<\/div><input type='hidden' name='question_id[]' id='qID_57' value='342140' \/><input type='hidden' id='answerType342140' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342140[]' id='answer-id-1338445' class='answer   answerof-342140 ' value='1338445'   \/><label for='answer-id-1338445' id='answer-label-1338445' class=' answer'><span>By employing metrics to align privacy protection with objectives.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342140[]' id='answer-id-1338446' class='answer   answerof-342140 ' value='1338446'   \/><label for='answer-id-1338446' id='answer-label-1338446' class=' answer'><span>Through conversations with the privacy team.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342140[]' id='answer-id-1338447' class='answer   answerof-342140 ' value='1338447'   \/><label for='answer-id-1338447' id='answer-label-1338447' class=' answer'><span>By employing an industry-standard needs analysis.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342140[]' id='answer-id-1338448' class='answer   answerof-342140 ' value='1338448'   \/><label for='answer-id-1338448' id='answer-label-1338448' class=' answer'><span>Through creation of the business case.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-58' style=';'><div id='questionWrap-58'  class='   watupro-question-id-342141'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>58. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Natalia, CFO of the Nationwide Grill restaurant chain, had never seen her fellow executives so anxious. Last week, a data processing firm used by the company reported that its system may have been hacked, and customer data such as names, addresses, and birthdays may have been compromised. Although the attempt was proven unsuccessful, the scare has prompted several Nationwide Grill executives to Question the company's privacy program at today's meeting. <br \/>\r<br>Alice, a vice president, said that the incident could have opened the door to lawsuits, potentially damaging <br \/>\r<br>Nationwide Grill's market position. The Chief Information Officer (CIO), Brendan, tried to assure her that even if there had been an actual breach, the chances of a successful suit against the company were slim. But Alice remained unconvinced. <br \/>\r<br>Spencer C a former CEO and currently a senior advisor C said that he had always warned against the use of contractors for data processing. At the very least, he argued, they should be held contractually liable for telling customers about any security incidents. In his view, Nationwide Grill should not be forced to soil the company name for a problem it did not cause. <br \/>\r<br>One of the business development (BD) executives, Haley, then spoke, imploring everyone to see reason. &quot;Breaches can happen, despite organizations' best efforts,&quot; she remarked. &quot;Reasonable preparedness is key.&quot; She reminded everyone of the incident seven years ago when the large grocery chain Tinkerton's had its financial information compromised after a large order of Nationwide Grill frozen dinners. As a long-time BD executive with a solid understanding of Tinkerton's's corporate culture, built up through many years of cultivating relationships, Haley was able to successfully manage the company's incident response. <br \/>\r<br>Spencer replied that acting with reason means allowing security to be handled by the security functions within the company C not BD staff. In a similar way, he said, Human Resources (HR) needs to do a better job training employees to prevent incidents. He pointed out that Nationwide Grill employees are overwhelmed with posters, emails, and memos from both HR and the ethics department related to the company's privacy program. Both the volume and the duplication of information means that it is often ignored altogether. <br \/>\r<br>Spencer said, &quot;The company needs to dedicate itself to its privacy program and set regular in-person trainings for all staff once a month.&quot; <br \/>\r<br>Alice responded that the suggestion, while well-meaning, is not practical. With many locations, local HR departments need to have flexibility with their training schedules. Silently, Natalia agreed. <br \/>\r<br>What is the most realistic step the organization can take to help diminish liability in the event of another incident?<\/div><input type='hidden' name='question_id[]' id='qID_58' value='342141' \/><input type='hidden' id='answerType342141' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342141[]' id='answer-id-1338449' class='answer   answerof-342141 ' value='1338449'   \/><label for='answer-id-1338449' id='answer-label-1338449' class=' answer'><span>Requiring the vendor to perform periodic internal audits.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342141[]' id='answer-id-1338450' class='answer   answerof-342141 ' value='1338450'   \/><label for='answer-id-1338450' id='answer-label-1338450' class=' answer'><span>Specifying mandatory data protection practices in vendor contracts.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342141[]' id='answer-id-1338451' class='answer   answerof-342141 ' value='1338451'   \/><label for='answer-id-1338451' id='answer-label-1338451' class=' answer'><span>Keeping the majority of processing activities within the organization.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342141[]' id='answer-id-1338452' class='answer   answerof-342141 ' value='1338452'   \/><label for='answer-id-1338452' id='answer-label-1338452' class=' answer'><span>Obtaining customer consent for any third-party processing of personal data.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-59' style=';'><div id='questionWrap-59'  class='   watupro-question-id-342142'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>59. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Natalia, CFO of the Nationwide Grill restaurant chain, had never seen her fellow executives so anxious. Last week, a data processing firm used by the company reported that its system may have been hacked, and customer data such as names, addresses, and birthdays may have been compromised. Although the attempt was proven unsuccessful, the scare has prompted several Nationwide Grill executives to Question the company's privacy program at today's meeting. <br \/>\r<br>Alice, a vice president, said that the incident could have opened the door to lawsuits, potentially damaging Nationwide Grill's market position. The Chief Information Officer (CIO), Brendan, tried to assure her that even if there had been an actual breach, the chances of a successful suit against the company were slim. But Alice remained unconvinced. <br \/>\r<br>Spencer C a former CEO and currently a senior advisor C said that he had always warned against the use of contractors for data processing. At the very least, he argued, they should be held contractually liable for telling customers about any security incidents. In his view, Nationwide Grill should not be forced to soil the company name for a problem it did not cause. <br \/>\r<br>One of the business development (BD) executives, Haley, then spoke, imploring everyone to see reason. &quot;Breaches can happen, despite organizations' best efforts,&quot; she remarked. &quot;Reasonable preparedness is key.&quot; She reminded everyone of the incident seven years ago when the large grocery chain Tinkerton's had its financial information compromised after a large order of Nationwide Grill frozen dinners. As a long-time BD executive with a solid understanding of Tinkerton's's corporate culture, built up through many years of cultivating relationships, Haley was able to successfully manage the company's incident response. <br \/>\r<br>Spencer replied that acting with reason means allowing security to be handled by the security functions within the company C not BD staff. In a similar way, he said, Human Resources (HR) needs to do a better job training employees to prevent incidents. He pointed out that Nationwide Grill employees are overwhelmed with posters, emails, and memos from both HR and the ethics department related to the company's privacy program. Both the volume and the duplication of information means that it is often ignored altogether. <br \/>\r<br>Spencer said, &quot;The company needs to dedicate itself to its privacy program and set regular in-person trainings for all staff once a month.&quot; <br \/>\r<br>Alice responded that the suggestion, while well-meaning, is not practical. With many locations, local HR departments need to have flexibility with their training schedules. Silently, Natalia agreed. <br \/>\r<br>Based on the scenario, Nationwide Grill needs to create better employee awareness of the company's privacy program by doing what?<\/div><input type='hidden' name='question_id[]' id='qID_59' value='342142' \/><input type='hidden' id='answerType342142' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342142[]' id='answer-id-1338453' class='answer   answerof-342142 ' value='1338453'   \/><label for='answer-id-1338453' id='answer-label-1338453' class=' answer'><span>Varying the modes of communication.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342142[]' id='answer-id-1338454' class='answer   answerof-342142 ' value='1338454'   \/><label for='answer-id-1338454' id='answer-label-1338454' class=' answer'><span>Communicating to the staff more often.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342142[]' id='answer-id-1338455' class='answer   answerof-342142 ' value='1338455'   \/><label for='answer-id-1338455' id='answer-label-1338455' class=' answer'><span>Improving inter-departmental cooperation.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342142[]' id='answer-id-1338456' class='answer   answerof-342142 ' value='1338456'   \/><label for='answer-id-1338456' id='answer-label-1338456' class=' answer'><span>Requiring acknowledgment of company memos.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-60' style=';'><div id='questionWrap-60'  class='   watupro-question-id-342143'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>60. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Natalia, CFO of the Nationwide Grill restaurant chain, had never seen her fellow executives so anxious. Last week, a data processing firm used by the company reported that its system may have been hacked, and customer data such as names, addresses, and birthdays may have been compromised. Although the attempt was proven unsuccessful, the scare has prompted several Nationwide Grill executives to Question the company's privacy program at today's meeting. <br \/>\r<br>Alice, a vice president, said that the incident could have opened the door to lawsuits, potentially damaging Nationwide Grill's market position. The Chief Information Officer (CIO), Brendan, tried to assure her that even if there had been an actual breach, the chances of a successful suit against the company were slim. But Alice remained unconvinced. <br \/>\r<br>Spencer C a former CEO and currently a senior advisor C said that he had always warned against the use of contractors for data processing. At the very least, he argued, they should be held contractually liable for telling <br \/>\r<br>customers about any security incidents. In his view, Nationwide Grill should not be forced to soil the company name for a problem it did not cause. <br \/>\r<br>One of the business development (BD) executives, Haley, then spoke, imploring everyone to see reason. &quot;Breaches can happen, despite organizations' best efforts,&quot; she remarked. &quot;Reasonable preparedness is key.&quot; She reminded everyone of the incident seven years ago when the large grocery chain Tinkerton's had its financial information compromised after a large order of Nationwide Grill frozen dinners. As a long-time BD executive with a solid understanding of Tinkerton's's corporate culture, built up through many years of cultivating relationships, Haley was able to successfully manage the company's incident response. <br \/>\r<br>Spencer replied that acting with reason means allowing security to be handled by the security functions within the company C not BD staff. In a similar way, he said, Human Resources (HR) needs to do a better job training employees to prevent incidents. He pointed out that Nationwide Grill employees are overwhelmed with posters, emails, and memos from both HR and the ethics department related to the company's privacy program. Both the volume and the duplication of information means that it is often ignored altogether. <br \/>\r<br>Spencer said, &quot;The company needs to dedicate itself to its privacy program and set regular in-person trainings for all staff once a month.&quot; <br \/>\r<br>Alice responded that the suggestion, while well-meaning, is not practical. With many locations, local HR departments need to have flexibility with their training schedules. Silently, Natalia agreed. <br \/>\r<br>How could the objection to Spencer's training suggestion be addressed?<\/div><input type='hidden' name='question_id[]' id='qID_60' value='342143' \/><input type='hidden' id='answerType342143' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342143[]' id='answer-id-1338457' class='answer   answerof-342143 ' value='1338457'   \/><label for='answer-id-1338457' id='answer-label-1338457' class=' answer'><span>By requiring training only on an as-needed basis.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342143[]' id='answer-id-1338458' class='answer   answerof-342143 ' value='1338458'   \/><label for='answer-id-1338458' id='answer-label-1338458' class=' answer'><span>By offering alternative delivery methods for trainings.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342143[]' id='answer-id-1338459' class='answer   answerof-342143 ' value='1338459'   \/><label for='answer-id-1338459' id='answer-label-1338459' class=' answer'><span>By introducing a system of periodic refresher trainings.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342143[]' id='answer-id-1338460' class='answer   answerof-342143 ' value='1338460'   \/><label for='answer-id-1338460' id='answer-label-1338460' class=' answer'><span>By customizing training based on length of employee tenure.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-61' style=';'><div id='questionWrap-61'  class='   watupro-question-id-342144'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>61. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Natalia, CFO of the Nationwide Grill restaurant chain, had never seen her fellow executives so anxious. Last week, a data processing firm used by the company reported that its system may have been hacked, and customer data such as names, addresses, and birthdays may have been compromised. Although the attempt was proven unsuccessful, the scare has prompted several Nationwide Grill executives to Question the company's privacy program at today's meeting. <br \/>\r<br>Alice, a vice president, said that the incident could have opened the door to lawsuits, potentially damaging Nationwide Grill's market position. The Chief Information Officer (CIO), Brendan, tried to assure her that even if there had been an actual breach, the chances of a successful suit against the company were slim. But Alice remained unconvinced. <br \/>\r<br>Spencer C a former CEO and currently a senior advisor C said that he had always warned against the use of contractors for data processing. At the very least, he argued, they should be held contractually liable for telling customers about any security incidents. In his view, Nationwide Grill should not be forced to soil the company name for a problem it did not cause. <br \/>\r<br>One of the business development (BD) executives, Haley, then spoke, imploring everyone to see reason. <br \/>\r<br>&quot;Breaches can happen, despite organizations' best efforts,&quot; she remarked. &quot;Reasonable preparedness is key.&quot; She reminded everyone of the incident seven years ago when the large grocery chain Tinkerton's had its financial information compromised after a large order of Nationwide Grill frozen dinners. As a long-time BD executive with a solid understanding of Tinkerton's's corporate culture, built up through many years of cultivating relationships, Haley was able to successfully manage the company's incident response. <br \/>\r<br>Spencer replied that acting with reason means allowing security to be handled by the security functions within the company C not BD staff. In a similar way, he said, Human Resources (HR) needs <br \/>\r<br>to do a better job training employees to prevent incidents. He pointed out that Nationwide Grill employees are overwhelmed with posters, emails, and memos from both HR and the ethics department related to the company's privacy program. Both the volume and the duplication of information means that it is often ignored altogether. <br \/>\r<br>Spencer said, &quot;The company needs to dedicate itself to its privacy program and set regular in-person trainings for all staff once a month.&quot; <br \/>\r<br>Alice responded that the suggestion, while well-meaning, is not practical. With many locations, local HR departments need to have flexibility with their training schedules. Silently, Natalia agreed. <br \/>\r<br>The senior advisor, Spencer, has a misconception regarding?<\/div><input type='hidden' name='question_id[]' id='qID_61' value='342144' \/><input type='hidden' id='answerType342144' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342144[]' id='answer-id-1338461' class='answer   answerof-342144 ' value='1338461'   \/><label for='answer-id-1338461' id='answer-label-1338461' class=' answer'><span>The amount of responsibility that a data controller retains.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342144[]' id='answer-id-1338462' class='answer   answerof-342144 ' value='1338462'   \/><label for='answer-id-1338462' id='answer-label-1338462' class=' answer'><span>The appropriate role of an organization's security department.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342144[]' id='answer-id-1338463' class='answer   answerof-342144 ' value='1338463'   \/><label for='answer-id-1338463' id='answer-label-1338463' class=' answer'><span>The degree to which training can lessen the number of security incidents.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342144[]' id='answer-id-1338464' class='answer   answerof-342144 ' value='1338464'   \/><label for='answer-id-1338464' id='answer-label-1338464' class=' answer'><span>The role of Human Resources employees in an organization's privacy program.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-62' style=';'><div id='questionWrap-62'  class='   watupro-question-id-342145'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>62. <\/span>Formosa International operates in 20 different countries including the United States and France. <br \/>\r<br>What organizational approach would make complying with a number of different regulations easier?<\/div><input type='hidden' name='question_id[]' id='qID_62' value='342145' \/><input type='hidden' id='answerType342145' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342145[]' id='answer-id-1338465' class='answer   answerof-342145 ' value='1338465'   \/><label for='answer-id-1338465' id='answer-label-1338465' class=' answer'><span>Data mapping.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342145[]' id='answer-id-1338466' class='answer   answerof-342145 ' value='1338466'   \/><label for='answer-id-1338466' id='answer-label-1338466' class=' answer'><span>Fair Information Practices.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342145[]' id='answer-id-1338467' class='answer   answerof-342145 ' value='1338467'   \/><label for='answer-id-1338467' id='answer-label-1338467' class=' answer'><span>Rationalizing requirements.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342145[]' id='answer-id-1338468' class='answer   answerof-342145 ' value='1338468'   \/><label for='answer-id-1338468' id='answer-label-1338468' class=' answer'><span>Decentralized privacy management.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-63' style=';'><div id='questionWrap-63'  class='   watupro-question-id-342146'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>63. <\/span>When implementing Privacy by Design (PbD), what would NOT be a key consideration?<\/div><input type='hidden' name='question_id[]' id='qID_63' value='342146' \/><input type='hidden' id='answerType342146' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342146[]' id='answer-id-1338469' class='answer   answerof-342146 ' value='1338469'   \/><label for='answer-id-1338469' id='answer-label-1338469' class=' answer'><span>Collection limitation.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342146[]' id='answer-id-1338470' class='answer   answerof-342146 ' value='1338470'   \/><label for='answer-id-1338470' id='answer-label-1338470' class=' answer'><span>Data minimization.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342146[]' id='answer-id-1338471' class='answer   answerof-342146 ' value='1338471'   \/><label for='answer-id-1338471' id='answer-label-1338471' class=' answer'><span>Limitations on liability.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342146[]' id='answer-id-1338472' class='answer   answerof-342146 ' value='1338472'   \/><label for='answer-id-1338472' id='answer-label-1338472' class=' answer'><span>Purpose specification.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-64' style=';'><div id='questionWrap-64'  class='   watupro-question-id-342147'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>64. <\/span>For an organization that has just experienced a data breach, what might be the least relevant metric for a company's privacy and governance team?<\/div><input type='hidden' name='question_id[]' id='qID_64' value='342147' \/><input type='hidden' id='answerType342147' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342147[]' id='answer-id-1338473' class='answer   answerof-342147 ' value='1338473'   \/><label for='answer-id-1338473' id='answer-label-1338473' class=' answer'><span>The number of security patches applied to company devices.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342147[]' id='answer-id-1338474' class='answer   answerof-342147 ' value='1338474'   \/><label for='answer-id-1338474' id='answer-label-1338474' class=' answer'><span>The number of privacy rights requests that have been exercised.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342147[]' id='answer-id-1338475' class='answer   answerof-342147 ' value='1338475'   \/><label for='answer-id-1338475' id='answer-label-1338475' class=' answer'><span>The number of Privacy Impact Assessments that have been completed.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342147[]' id='answer-id-1338476' class='answer   answerof-342147 ' value='1338476'   \/><label for='answer-id-1338476' id='answer-label-1338476' class=' answer'><span>The number of employees who have completed data awareness training.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-65' style=';'><div id='questionWrap-65'  class='   watupro-question-id-342148'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>65. <\/span>In which situation would a Privacy Impact Assessment (PIA) be the least likely to be required?<\/div><input type='hidden' name='question_id[]' id='qID_65' value='342148' \/><input type='hidden' id='answerType342148' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342148[]' id='answer-id-1338477' class='answer   answerof-342148 ' value='1338477'   \/><label for='answer-id-1338477' id='answer-label-1338477' class=' answer'><span>If a company created a credit-scoring platform five years ago.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342148[]' id='answer-id-1338478' class='answer   answerof-342148 ' value='1338478'   \/><label for='answer-id-1338478' id='answer-label-1338478' class=' answer'><span>If a health-care professional or lawyer processed personal data from a patient's file.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342148[]' id='answer-id-1338479' class='answer   answerof-342148 ' value='1338479'   \/><label for='answer-id-1338479' id='answer-label-1338479' class=' answer'><span>If a social media company created a new product compiling personal data to generate user profiles.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342148[]' id='answer-id-1338480' class='answer   answerof-342148 ' value='1338480'   \/><label for='answer-id-1338480' id='answer-label-1338480' class=' answer'><span>If an after-school club processed children's data to determine which children might have food allergies.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-66' style=';'><div id='questionWrap-66'  class='   watupro-question-id-342149'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>66. <\/span>Under the General Data Protection Regulation (GDPR), what must be included in a written agreement between the controller and processor in relation to processing conducted on the controller's behalf?<\/div><input type='hidden' name='question_id[]' id='qID_66' value='342149' \/><input type='hidden' id='answerType342149' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342149[]' id='answer-id-1338481' class='answer   answerof-342149 ' value='1338481'   \/><label for='answer-id-1338481' id='answer-label-1338481' class=' answer'><span>An obligation on the processor to report any personal data breach to the controller within 72 hours.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342149[]' id='answer-id-1338482' class='answer   answerof-342149 ' value='1338482'   \/><label for='answer-id-1338482' id='answer-label-1338482' class=' answer'><span>An obligation on both parties to report any serious personal data breach to the supervisory authority.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342149[]' id='answer-id-1338483' class='answer   answerof-342149 ' value='1338483'   \/><label for='answer-id-1338483' id='answer-label-1338483' class=' answer'><span>An obligation on both parties to agree to a termination of the agreement if the other party is responsible for a personal data breach.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342149[]' id='answer-id-1338484' class='answer   answerof-342149 ' value='1338484'   \/><label for='answer-id-1338484' id='answer-label-1338484' class=' answer'><span>An obligation on the processor to assist the controller in complying with the controller's obligations to notify the supervisory authority about personal data breaches.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-67' style=';'><div id='questionWrap-67'  class='   watupro-question-id-342150'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>67. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Perhaps Jack Kelly should have stayed in the U.S. He enjoys a formidable reputation inside the company, Special Handling Shipping, for his work in reforming certain &quot;rogue&quot; offices. Last year, news broke that a police sting operation had revealed a drug ring operating in the Providence, Rhode Island office in the United States. Video from the office's video surveillance cameras leaked to news operations showed a drug exchange between Special Handling staff and undercover officers. <br \/>\r<br>In the wake of this incident, Kelly had been sent to Providence to change the &quot;hands off&quot; culture that upper management believed had let the criminal elements conduct their illicit transactions. After a few weeks under Kelly's direction, the office became a model of efficiency and customer service. Kelly monitored his workers' activities using the same cameras that had recorded the illegal conduct of their former co-workers. <br \/>\r<br>Now Kelly has been charged with turning around the office in Cork, Ireland, another trouble spot. The company has received numerous reports of the staff leaving the office unattended. When Kelly arrived, he found that even when present, the staff often spent their days socializing or conducting personal business on their mobile phones. Again, he observed their behaviors using surveillance cameras. He issued written reprimands to six staff members based on the first day of video alone. <br \/>\r<br>Much to Kelly's surprise and chagrin, he and the company are now under investigation by the Data Protection Commissioner of Ireland for allegedly violating the privacy rights of employees. Kelly was told that the company's license for the cameras listed facility security as their main use, but he does not know why this matters. He has pointed out to his superiors that the company's training programs on privacy protection and data collection mention nothing about surveillance video. <br \/>\r<br>You are a privacy protection consultant, hired by the company to assess this incident, report on the legal and compliance issues, and recommend next steps. <br \/>\r<br>What does this example best illustrate about training requirements for privacy protection?<\/div><input type='hidden' name='question_id[]' id='qID_67' value='342150' \/><input type='hidden' id='answerType342150' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342150[]' id='answer-id-1338485' class='answer   answerof-342150 ' value='1338485'   \/><label for='answer-id-1338485' id='answer-label-1338485' class=' answer'><span>Training needs must be weighed against financial costs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342150[]' id='answer-id-1338486' class='answer   answerof-342150 ' value='1338486'   \/><label for='answer-id-1338486' id='answer-label-1338486' class=' answer'><span>Training on local laws must be implemented for all personnel.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342150[]' id='answer-id-1338487' class='answer   answerof-342150 ' value='1338487'   \/><label for='answer-id-1338487' id='answer-label-1338487' class=' answer'><span>Training must be repeated frequently to respond to new legislation.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342150[]' id='answer-id-1338488' class='answer   answerof-342150 ' value='1338488'   \/><label for='answer-id-1338488' id='answer-label-1338488' class=' answer'><span>Training must include assessments to verify that the material is mastered.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-68' style=';'><div id='questionWrap-68'  class='   watupro-question-id-342151'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>68. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Perhaps Jack Kelly should have stayed in the U.S. He enjoys a formidable reputation inside the company, Special Handling Shipping, for his work in reforming certain &quot;rogue&quot; offices. Last year, news broke that a police sting operation had revealed a drug ring operating in the Providence, Rhode Island office in the United States. Video from the office's video surveillance cameras leaked to news operations showed a drug exchange between Special Handling staff and undercover officers. <br \/>\r<br>In the wake of this incident, Kelly had been sent to Providence to change the &quot;hands off&quot; culture that upper management believed had let the criminal elements conduct their illicit transactions. After a few weeks under Kelly's direction, the office became a model of efficiency and customer service. Kelly monitored his workers' activities using the same cameras that had recorded the illegal conduct of their former co-workers. <br \/>\r<br>Now Kelly has been charged with turning around the office in Cork, Ireland, another trouble spot. The company has received numerous reports of the staff leaving the office unattended. When Kelly arrived, he found that even when present, the staff often spent their days socializing or conducting personal business on their mobile phones. Again, he observed their behaviors using surveillance cameras. He issued written reprimands to six staff members based on the first day of video alone. <br \/>\r<br>Much to Kelly's surprise and chagrin, he and the company are now under investigation by the Data Protection Commissioner of Ireland for allegedly violating the privacy rights of employees. Kelly was told that the company's license for the cameras listed facility security as their main use, but he does not know why this matters. He has pointed out to his superiors that the company's training programs on privacy protection and data collection mention nothing about surveillance video. <br \/>\r<br>You are a privacy protection consultant, hired by the company to assess this incident, report on the legal and compliance issues, and recommend next steps. <br \/>\r<br>Knowing that the regulator is now investigating, what would be the best step to take?<\/div><input type='hidden' name='question_id[]' id='qID_68' value='342151' \/><input type='hidden' id='answerType342151' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342151[]' id='answer-id-1338489' class='answer   answerof-342151 ' value='1338489'   \/><label for='answer-id-1338489' id='answer-label-1338489' class=' answer'><span>Consult an attorney experienced in privacy law and litigation.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342151[]' id='answer-id-1338490' class='answer   answerof-342151 ' value='1338490'   \/><label for='answer-id-1338490' id='answer-label-1338490' class=' answer'><span>Use your background and knowledge to set a course of action.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342151[]' id='answer-id-1338491' class='answer   answerof-342151 ' value='1338491'   \/><label for='answer-id-1338491' id='answer-label-1338491' class=' answer'><span>If you know the organization is guilty, advise it to accept the punishment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342151[]' id='answer-id-1338492' class='answer   answerof-342151 ' value='1338492'   \/><label for='answer-id-1338492' id='answer-label-1338492' class=' answer'><span>Negotiate the terms of a settlement before formal legal action takes place.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-69' style=';'><div id='questionWrap-69'  class='   watupro-question-id-342152'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>69. <\/span>SCENARIO <br \/>\r<br>Please use the following to answer the next QUESTION: <br \/>\r<br>Perhaps Jack Kelly should have stayed in the U.S. He enjoys a formidable reputation inside the company, Special Handling Shipping, for his work in reforming certain &quot;rogue&quot; offices. Last year, news broke that a police sting operation had revealed a drug ring operating in the Providence, Rhode Island office in the United States. Video from the office's video surveillance cameras leaked to news operations showed a drug exchange between Special Handling staff and undercover officers. <br \/>\r<br>In the wake of this incident, Kelly had been sent to Providence to change the &quot;hands off&quot; culture that upper management believed had let the criminal elements conduct their illicit transactions. After a few weeks under Kelly's direction, the office became a model of efficiency and customer service. Kelly monitored his workers' activities using the same cameras that had recorded the illegal conduct of their former co-workers. <br \/>\r<br>Now Kelly has been charged with turning around the office in Cork, Ireland, another trouble spot. The company has received numerous reports of the staff leaving the office unattended. When Kelly arrived, he found that even when present, the staff often spent their days socializing or conducting personal business on their mobile phones. Again, he observed their behaviors using surveillance cameras. He issued written reprimands to six staff members based on the first day of video alone. <br \/>\r<br>Much to Kelly's surprise and chagrin, he and the company are now under investigation by the Data Protection Commissioner of Ireland for allegedly violating the privacy rights of employees. Kelly was told that the company's license for the cameras listed facility security as their main use, but he does not know why this matters. He has pointed out to his superiors that the company's training programs on privacy protection and data collection mention nothing about surveillance video. <br \/>\r<br>You are a privacy protection consultant, hired by the company to assess this incident, report on the legal and compliance issues, and recommend next steps. <br \/>\r<br>What should you advise this company regarding the status of security cameras at their offices in the United States?<\/div><input type='hidden' name='question_id[]' id='qID_69' value='342152' \/><input type='hidden' id='answerType342152' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342152[]' id='answer-id-1338493' class='answer   answerof-342152 ' value='1338493'   \/><label for='answer-id-1338493' id='answer-label-1338493' class=' answer'><span>Add security cameras at facilities that are now without them.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342152[]' id='answer-id-1338494' class='answer   answerof-342152 ' value='1338494'   \/><label for='answer-id-1338494' id='answer-label-1338494' class=' answer'><span>Set policies about the purpose and use of the security cameras.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342152[]' id='answer-id-1338495' class='answer   answerof-342152 ' value='1338495'   \/><label for='answer-id-1338495' id='answer-label-1338495' class=' answer'><span>Reduce the number of security cameras located inside the building.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342152[]' id='answer-id-1338496' class='answer   answerof-342152 ' value='1338496'   \/><label for='answer-id-1338496' id='answer-label-1338496' class=' answer'><span>Restrict access to surveillance video taken by the security cameras and destroy the recordings after a designated period of time.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-70' style=';'><div id='questionWrap-70'  class='   watupro-question-id-342153'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>70. <\/span>You would like your organization to be independently audited to demonstrate compliance with international privacy standards and to identify gaps for remediation. <br \/>\r<br>Which type of audit would help you achieve this objective?<\/div><input type='hidden' name='question_id[]' id='qID_70' value='342153' \/><input type='hidden' id='answerType342153' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342153[]' id='answer-id-1338497' class='answer   answerof-342153 ' value='1338497'   \/><label for='answer-id-1338497' id='answer-label-1338497' class=' answer'><span>First-party audit.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342153[]' id='answer-id-1338498' class='answer   answerof-342153 ' value='1338498'   \/><label for='answer-id-1338498' id='answer-label-1338498' class=' answer'><span>Second-party audit.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342153[]' id='answer-id-1338499' class='answer   answerof-342153 ' value='1338499'   \/><label for='answer-id-1338499' id='answer-label-1338499' class=' answer'><span>Third-party audit.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-342153[]' id='answer-id-1338500' class='answer   answerof-342153 ' value='1338500'   \/><label for='answer-id-1338500' id='answer-label-1338500' class=' answer'><span>Fourth-party audit.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div style='display:none' id='question-71'>\n\t<div class='question-content'>\n\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\" alt=\"Loading...\" title=\"Loading...\" \/>&nbsp;Loading...\t<\/div>\n<\/div>\n\n<br \/>\n\t\n\t\t\t<div class=\"watupro_buttons flex \" id=\"watuPROButtons8779\" >\n\t\t  <div id=\"prev-question\" style=\"display:none;\"><input type=\"button\" value=\"&lt; Previous\" onclick=\"WatuPRO.nextQuestion(event, 'previous');\"\/><\/div>\t\t  \t\t  \t\t   \n\t\t   \t  \t\t<div><input type=\"button\" name=\"action\" class=\"watupro-submit-button\" onclick=\"WatuPRO.submitResult(event)\" id=\"action-button\" value=\"View Results\"  \/>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\n\t<input type=\"hidden\" name=\"quiz_id\" value=\"8779\" id=\"watuPROExamID\"\/>\n\t<input type=\"hidden\" name=\"start_time\" id=\"startTime\" value=\"2026-04-15 08:38:13\" \/>\n\t<input type=\"hidden\" name=\"start_timestamp\" id=\"startTimeStamp\" value=\"1776242293\" \/>\n\t<input type=\"hidden\" name=\"question_ids\" value=\"\" \/>\n\t<input type=\"hidden\" name=\"watupro_questions\" value=\"342084:1338221,1338222,1338223,1338224 | 342085:1338225,1338226,1338227,1338228 | 342086:1338229,1338230,1338231,1338232 | 342087:1338233,1338234,1338235,1338236 | 342088:1338237,1338238,1338239,1338240 | 342089:1338241,1338242,1338243,1338244 | 342090:1338245,1338246,1338247,1338248 | 342091:1338249,1338250,1338251,1338252 | 342092:1338253,1338254,1338255,1338256 | 342093:1338257,1338258,1338259,1338260 | 342094:1338261,1338262,1338263,1338264 | 342095:1338265,1338266,1338267,1338268 | 342096:1338269,1338270,1338271,1338272 | 342097:1338273,1338274,1338275,1338276 | 342098:1338277,1338278,1338279,1338280 | 342099:1338281,1338282,1338283,1338284 | 342100:1338285,1338286,1338287,1338288 | 342101:1338289,1338290,1338291,1338292 | 342102:1338293,1338294,1338295,1338296 | 342103:1338297,1338298,1338299,1338300 | 342104:1338301,1338302,1338303,1338304 | 342105:1338305,1338306,1338307,1338308 | 342106:1338309,1338310,1338311,1338312 | 342107:1338313,1338314,1338315,1338316 | 342108:1338317,1338318,1338319,1338320 | 342109:1338321,1338322,1338323,1338324 | 342110:1338325,1338326,1338327,1338328 | 342111:1338329,1338330,1338331,1338332 | 342112:1338333,1338334,1338335,1338336 | 342113:1338337,1338338,1338339,1338340 | 342114:1338341,1338342,1338343,1338344 | 342115:1338345,1338346,1338347,1338348 | 342116:1338349,1338350,1338351,1338352 | 342117:1338353,1338354,1338355,1338356 | 342118:1338357,1338358,1338359,1338360 | 342119:1338361,1338362,1338363,1338364 | 342120:1338365,1338366,1338367,1338368 | 342121:1338369,1338370,1338371,1338372 | 342122:1338373,1338374,1338375,1338376 | 342123:1338377,1338378,1338379,1338380 | 342124:1338381,1338382,1338383,1338384 | 342125:1338385,1338386,1338387,1338388 | 342126:1338389,1338390,1338391,1338392 | 342127:1338393,1338394,1338395,1338396 | 342128:1338397,1338398,1338399,1338400 | 342129:1338401,1338402,1338403,1338404 | 342130:1338405,1338406,1338407,1338408 | 342131:1338409,1338410,1338411,1338412 | 342132:1338413,1338414,1338415,1338416 | 342133:1338417,1338418,1338419,1338420 | 342134:1338421,1338422,1338423,1338424 | 342135:1338425,1338426,1338427,1338428 | 342136:1338429,1338430,1338431,1338432 | 342137:1338433,1338434,1338435,1338436 | 342138:1338437,1338438,1338439,1338440 | 342139:1338441,1338442,1338443,1338444 | 342140:1338445,1338446,1338447,1338448 | 342141:1338449,1338450,1338451,1338452 | 342142:1338453,1338454,1338455,1338456 | 342143:1338457,1338458,1338459,1338460 | 342144:1338461,1338462,1338463,1338464 | 342145:1338465,1338466,1338467,1338468 | 342146:1338469,1338470,1338471,1338472 | 342147:1338473,1338474,1338475,1338476 | 342148:1338477,1338478,1338479,1338480 | 342149:1338481,1338482,1338483,1338484 | 342150:1338485,1338486,1338487,1338488 | 342151:1338489,1338490,1338491,1338492 | 342152:1338493,1338494,1338495,1338496 | 342153:1338497,1338498,1338499,1338500\" \/>\n\t<input type=\"hidden\" name=\"no_ajax\" value=\"0\">\t\t\t<\/form>\n\t<p>&nbsp;<\/p>\n<\/div>\n\n<script type=\"text\/javascript\">\n\/\/jQuery(document).ready(function(){\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \t\nvar question_ids = \"342084,342085,342086,342087,342088,342089,342090,342091,342092,342093,342094,342095,342096,342097,342098,342099,342100,342101,342102,342103,342104,342105,342106,342107,342108,342109,342110,342111,342112,342113,342114,342115,342116,342117,342118,342119,342120,342121,342122,342123,342124,342125,342126,342127,342128,342129,342130,342131,342132,342133,342134,342135,342136,342137,342138,342139,342140,342141,342142,342143,342144,342145,342146,342147,342148,342149,342150,342151,342152,342153\";\nWatuPROSettings[8779] = {};\nWatuPRO.qArr = question_ids.split(',');\nWatuPRO.exam_id = 8779;\t    \nWatuPRO.post_id = 83023;\nWatuPRO.store_progress = 0;\nWatuPRO.curCatPage = 1;\nWatuPRO.requiredIDs=\"0\".split(\",\");\nWatuPRO.hAppID = \"0.39538000 1776242293\";\nvar url = \"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/show_exam.php\";\nWatuPRO.examMode = 1;\nWatuPRO.siteURL=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-admin\/admin-ajax.php\";\nWatuPRO.emailIsNotRequired = 0;\nWatuPROIntel.init(8779);\nWatuPRO.inCategoryPages=1;});    \t \n<\/script>\r\n\r\n\r\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10168,8844],"tags":[17172,17171],"class_list":["post-83023","post","type-post","status-publish","format-standard","hentry","category-cipm-certification","category-iapp","tag-certified-information-privacy-manager-cipm","tag-cipm-exam-dumps-updated"],"_links":{"self":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/83023","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/comments?post=83023"}],"version-history":[{"count":1,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/83023\/revisions"}],"predecessor-version":[{"id":83024,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/83023\/revisions\/83024"}],"wp:attachment":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/media?parent=83023"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/categories?post=83023"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/tags?post=83023"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}