Free IAPP CIPP-US Exam Actual Questions

The questions for CIPP-US were last updated On Mar 28, 2025

At ValidExamDumps, we consistently monitor updates to the IAPP CIPP-US exam questions by IAPP. Whenever our team identifies changes in the exam questions,exam objectives, exam focus areas or in exam requirements, We immediately update our exam questions for both PDF and online practice exams. This commitment ensures our customers always have access to the most current and accurate questions. By preparing with these actual questions, our customers can successfully pass the IAPP Certified Information Privacy Professional/United States exam on their first attempt without needing additional materials or study guides.

Other certification materials providers often include outdated or removed questions by IAPP in their IAPP CIPP-US exam. These outdated questions lead to customers failing their IAPP Certified Information Privacy Professional/United States exam. In contrast, we ensure our questions bank includes only precise and up-to-date questions, guaranteeing their presence in your actual exam. Our main priority is your success in the IAPP CIPP-US exam, not profiting from selling obsolete exam questions in PDF or Online Practice Test.

 

Get All 195 Questions
Question No. 1

Under state breach notification laws, which is NOT typically included in the definition of personal information?

Show Answer Hide Answer
Correct Answer: B

Under state breach notification laws, personal information is typically defined as an individual's first name or first initial and last name plus one or more other data elements, such as Social Security number, state identification number, account number, medical information, etc. However, first and last name alone are not usually considered personal information, unless they are combined with other data elements that could identify the individual or compromise their security or privacy.Therefore, option B is the correct answer, as it is not typically included in the definition of personal information under state breach notification laws.Reference: https://www.ncsl.org/technology-and-communication/security-breach-notification-laws https://iapp.org/resources/article/state-data-breach-notification-chart/


Question No. 2

SCENARIO

Please use the following to answer the next QUESTION:

A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer's data handling practices.

The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her

withdrawal of consent and request for erasure of her personal dat

a. Your organization, the US-based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: ''Please act immediately by identifying all personal data received from our company.''

This is an important partnership. Company executives know that its biggest fans come from Western Europe; and this retailer is primarily responsible for the startup's rapid market penetration.

As the Company's data privacy leader, you are sensitive to the criticality of the relationship with the retailer.

Under the General Data Protection Regulation (GDPR), how would the U.S.-based startup company most likely be classified?

Show Answer Hide Answer
Correct Answer: B

The data privacy leader needs to identify all the personal data that the Company has received from the retailer, as well as the purposes, retention periods, and sharing practices of such data. Since the data inventory is obsolete, the data privacy leader cannot rely on it to provide accurate and complete information. Therefore, the next best source of information is to interview the key marketing personnel who are responsible for the partnership with the retailer and the use of the personal data. The marketing personnel can provide insights into the data flows, the data categories, the data processing activities, and the data protection measures that the Company has implemented. They can also help the data privacy leader to locate the relevant documents, contracts, and records that can support the investigation.Reference:[IAPP CIPP/US Study Guide], Chapter 5: Data Management, p. 97-98;IAPP Privacy Tech Vendor Report, Data Mapping and Inventory, p. 9-10.


Question No. 3

The ''Consumer Privacy Bill of Rights'' presented in a 2012 Obama administration report is generally based on?

Show Answer Hide Answer
Correct Answer: D

The Consumer Privacy Bill of Rights is a set of principles that the Obama administration proposed in 2012 to guide the development of privacy legislation and policies in the United States.The report that introduced the bill of rights stated that it was 'generally based on the widely accepted Fair Information Practice Principles (FIPPs)'1, which are a set of standards that originated in the 1970s and have influenced many privacy laws and frameworks around the world.The FIPPs include concepts such as individual control, transparency, security, accountability, and data minimization2.The Consumer Privacy Bill of Rights adapted and expanded these principles to address the challenges and opportunities of the digital economy1.Reference:1: Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy2, page 92: IAPP CIPP/US Certified Information Privacy Professional Study Guide3, page 17.


Question No. 4

When does the Telemarketing Sales Rule require an entity to share a do-not-call request across its organization?

Show Answer Hide Answer
Correct Answer: A

The Telemarketing Sales Rule (TSR) is a federal regulation that implements the Telemarketing and Consumer Fraud and Abuse Prevention Act of 1994.The TSR aims to protect consumers from deceptive or abusive telemarketing practices, such as unwanted calls, false or misleading claims, unauthorized billing, and privacy violations1.

The TSR requires telemarketers and sellers to comply with the National Do Not Call Registry, which is a list of phone numbers of consumers who have indicated that they do not want to receive telemarketing calls2.

The TSR also requires telemarketers and sellers to honor the do-not-call requests of individual consumers, regardless of whether their numbers are on the National Do Not Call Registry or not2.

A do-not-call request is a statement made by a consumer, either orally or in writing, that they do not wish to receive any more calls from a specific telemarketer or seller2.

The TSR requires an entity to share a do-not-call request across its organization when the operational structures of its divisions are not transparent to consumers3.This means that the entity must treat the do-not-call request as if it applies to all of its affiliates and subsidiaries that engage in telemarketing, unless the consumer would reasonably expect them to be separate and distinct entities based on their names, products, or services3.

The TSR does not require an entity to share a do-not-call request across its organization in the following situations:

When the goods and services sold by its divisions are very similar. This is not a relevant factor for determining whether the entity must share a do-not-call request across its organization.The key factor is whether the consumers can distinguish between the different divisions based on their operational structures3.

When a call is not the result of an error or other unforeseen cause. This is not an exception to the requirement to honor a do-not-call request.The TSR prohibits telemarketers and sellers from calling a consumer who has made a do-not-call request, unless the call falls under one of the specific exemptions, such as calls from or on behalf of tax-exempt nonprofit organizations, calls to consumers with whom the seller has an established business relationship, or calls to consumers who have given prior express written consent2.

When the entity manages user preferences through multiple platforms. This is not an excuse for not sharing a do-not-call request across its organization.The TSR requires telemarketers and sellers to maintain an internal do-not-call list of consumers who have asked them not to call again, and to update the list at least once every 31 days2.The entity must ensure that the do-not-call request is recorded and communicated across all of its platforms that are used for telemarketing purposes3.


Question No. 5

Which of the following best describes private-sector workplace monitoring in the United States?

Show Answer Hide Answer
Correct Answer: A

In the United States, there is no comprehensive federal law that regulates employee monitoring in the private sector. Instead, there are various federal and state laws that address specific aspects of monitoring, such as electronic communications, video surveillance, GPS tracking, and biometric data. Generally, these laws provide more protection for employees' privacy when they are using their own devices or personal accounts, or when they are outside of work hours or premises. However, when employees are using company-owned devices or accounts, or when they are performing work-related tasks, employers have broad authority to monitor their activities, as long as they have a legitimate business interest and do not violate any specific laws.Employers are also advised to inform employees of their monitoring practices and obtain their consent, either explicitly or implicitly, to avoid potential legal disputes or employee backlash123Reference: https://www.jibble.io/article/us-employee-monitoring

https://www.worktime.com/most-asked-questions-on-us-employee-monitoring-laws


Get All 195 Questions Explore Other IAPP Exams