CIPP/US Mastery Workspace
Focus on what moves your score.
1.
Which of the following entities would NOT be considered a “person” under legal definitions?
A household pet
A human adult
A registered corporation
A nonprofit organization
2.
What role do third-party audits play in consent decrees related to privacy violations?
They help ensure the company is complying with the privacy safeguards set forth in the decree
They serve as a way to reduce the company’s penalty amount
They are used to identify new privacy violations that were not previously addressed
They are primarily used to advertise the company’s privacy practices
3.
Which federal agency regulates privacy rights related to the transportation industry, particularly concerning passenger data?
U.S. Department of Transportation (DOT)
U.S. Department of Energy
Federal Reserve
Department of Health and Human Services (HHS)
4.
What is spear phishing?
A phishing attack tailored to an individual user
A phishing attack using SMS messages
A phishing attack targeting primarily executives with minimal other considerations
A type of legitimate email marketing
5.
What is the goal of noise addition in deidentification?
To preserve statistical properties while disrupting individual identification
To completely randomize all data
To make data unreadable in certain organizational contexts
To delete sensitive information
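The correct answer is the first option: noise addition perturbs each record so an attacker cannot link a released value back to a person, while aggregate statistics (mean, counts, distributions) stay close to the truth. The block below is an added worked example, not part of the original quiz; it implements Laplace noise addition on a constructed salary dataset (the `make_sample_data`, `add_noise` and `linkage_rate` names are this example's own) and measures both properties: how far the released mean drifts, and how often a nearest-value matching attacker who knows a target's true salary still picks out the right record.

```python
import math
import random
from typing import List, Sequence


def make_sample_data(n: int = 1000, seed: int = 1) -> List[float]:
    """Constructed dataset: n quasi-unique annual salaries (not real data)."""
    rng = random.Random(seed)
    return [float(rng.randint(30_000, 200_000)) for _ in range(n)]


def laplace_noise(rng: random.Random, scale: float) -> float:
    """One sample from Laplace(0, scale) via inverse-CDF sampling."""
    u = rng.random() - 0.5  # uniform on [-0.5, 0.5)
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def add_noise(values: Sequence[float], sensitivity: float,
              epsilon: float, seed: int = 0) -> List[float]:
    """Perturb every record with Laplace noise of scale sensitivity/epsilon.

    Smaller epsilon means larger noise: stronger protection of individuals,
    less accurate released values. This is the calibration used by the
    Laplace mechanism of differential privacy.
    """
    if sensitivity <= 0 or epsilon <= 0:
        raise ValueError("sensitivity and epsilon must be positive")
    rng = random.Random(seed)
    scale = sensitivity / epsilon
    return [v + laplace_noise(rng, scale) for v in values]


def mean(values: Sequence[float]) -> float:
    return sum(values) / len(values)


def linkage_rate(original: Sequence[float], released: Sequence[float]) -> float:
    """Fraction of people an attacker re-identifies by nearest-value matching.

    The attacker knows each target's true value and picks the released record
    whose value is closest to it. A low rate means noise addition disrupted
    individual linkage, which is the goal of the technique.
    """
    hits = 0
    for i, true_value in enumerate(original):
        nearest = min(range(len(released)),
                      key=lambda j: abs(released[j] - true_value))
        if nearest == i:
            hits += 1
    return hits / len(original)


if __name__ == "__main__":
    data = make_sample_data()
    # sensitivity 1000 with epsilon 0.2 gives a noise scale of 5000 dollars
    released = add_noise(data, sensitivity=1000.0, epsilon=0.2, seed=42)
    print(f"true mean      : {mean(data):10.2f}")
    print(f"released mean  : {mean(released):10.2f}")
    print(f"linkage, no noise : {linkage_rate(data, data):.3f}")
    print(f"linkage, noised   : {linkage_rate(data, released):.3f}")
```

Run as a script, the released mean lands within a few hundred dollars of the true mean (the noise averages out over 1000 records), while the attacker's linkage rate collapses from nearly 1.0 on the raw data to a few percent on the released data. Setting `epsilon` very small reproduces the wrong answer "completely randomize all data": the mean drifts too and the release becomes useless, which is why the scale must be calibrated rather than maximized.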
6.
What is the foundational legal provision for FTC privacy enforcement?
Section 5 of the FTC Act, which declares unfair or deceptive acts or practices in commerce unlawful
The Privacy Act of 1974, which provides comprehensive privacy protections for consumer data
The Magnuson-Moss Warranty Act, which grants the FTC rulemaking authority for privacy regulations
The Administrative Procedure Act, which establishes the FTC’s enforcement jurisdiction
7.
A healthcare provider wants to use patient testimonials in marketing materials. What does HIPAA require?
Written authorization from each patient whose PHI is used
Only verbal consent documented in the medical record
Approval from the hospital ethics committee
De-identification of all patient information mentioned
8.
A major data breach occurs at Equifax where hackers steal consumer data. According to a court ruling related to the 2017 Equifax breach, why was there no FCRA violation?
Because Equifax had not furnished the stolen data to the hackers
Because the breach affected fewer than the statutory threshold of consumers
Because Equifax had implemented reasonable security measures before the breach
Because consumer reporting agencies are exempt from FCRA liability for data breaches
9.
How does FERPA define the term “record”?
Any information recorded in any way including handwriting, print, computer media, video or audio tape, film, microfilm, and microfiche
Only information stored in digital or electronic format on computer systems
Information that is maintained in official filing systems by administrative personnel
Any information that has been formally reviewed and approved by school officials
10.
What does the Telephone Consumer Protection Act (TCPA) prohibit regarding fax transmissions?
The TCPA prohibits unsolicited commercial fax transmissions
The TCPA prohibits all fax transmissions regardless of consent status
The TCPA prohibits faxes only when sent during business hours
The TCPA prohibits faxes containing personal information of third parties
11.
What characterizes state statutory protections for employee privacy?
State statutes vary enormously, creating “a patchwork of near bewildering complexity and large gaps”
All states have adopted uniform employment privacy statutes based on model legislation
State statutes provide comprehensive protections that eliminate the need for federal law
State employment privacy laws are coordinated through interstate compacts ensuring consistency
12.
How has the ADA affected prehiring practices?
Employers can no longer routinely ask about prior injuries, illnesses, or worker compensation claims
Medical examinations have become mandatory for all positions
Drug and alcohol testing is now prohibited in all circumstances
Background checks are no longer permitted before hiring
13.
What does the FCRA regulate beyond credit checks?
Any type of background check obtained from a consumer reporting agency, including criminal and driving records
Only financial information and credit scores
Solely employment verification and reference checks
Exclusively government security clearance procedures
14.
What concept describes the historical difficulty of accessing information in paper court records stored in local courthouses?
Practical obscurity
Functional encryption methods applied to physical documents
Physical segregation of sensitive materials in separate facilities
Archival protection through controlled access systems
15.
A Virginia company processes data of 25,000 consumers. What revenue threshold from data sales would subject it to regulation?
Deriving over 50 percent of gross revenue from the sale of personal data
Deriving at least 25 percent of gross revenues from selling data
Deriving any revenue or receiving any discount from selling data
Deriving at least 75 percent of gross revenues from selling data
16.
What is the first and most common exception allowed by states for data breach notification?
Entities subject to other more stringent data breach notification laws, such as HIPAA
Entities with annual security audits by certified third parties
Entities that have cyber insurance coverage meeting minimum requirements
Entities that are members of industry self-regulatory organizations
17.
What elements are commonly included in state definitions of a security breach?
Unauthorized access to or acquisition of electronic files containing personal information that compromises confidentiality, security, or integrity
Authorized employee access to encrypted personal information for legitimate business purposes
Any disclosure of personal information to third parties with consumer consent
Technical vulnerabilities identified during security audits before any actual compromise
18.
How many states apply a risk-of-harm analysis in determining whether an incident constitutes a regulated breach?
Nearly all states apply a risk-of-harm analysis
Fewer than 10 states apply a risk-of-harm analysis
All 50 states prohibit risk-of-harm analysis and require notification for any incident
Only states with comprehensive privacy laws apply risk-of-harm analysis
19.
What types of harm are typically envisioned by state data breach notification laws?
Identity theft, fraud, and other financial loss
Reputational damage, emotional distress, and loss of privacy
Regulatory fines, compliance costs, and legal liability
Business interruption, operational disruption, and system downtime
20.
A bank implements stricter fraud safeguards than required by law. Why?
To follow the spirit and purpose of the law
To qualify for a tax benefit
To gain political power
To challenge the law in court