Free IAPP CIPP-US Exam Actual Questions

The questions for CIPP-US were last updated on Apr 21, 2025

At ValidExamDumps, we consistently monitor updates to the IAPP CIPP-US exam questions by IAPP. Whenever our team identifies changes in the exam questions, exam objectives, exam focus areas or exam requirements, we immediately update our exam questions for both PDF and online practice exams. This commitment ensures our customers always have access to the most current and accurate questions. By preparing with these actual questions, our customers can successfully pass the IAPP Certified Information Privacy Professional/United States exam on their first attempt without needing additional materials or study guides.

Other certification materials providers often include questions that are outdated or have been removed by IAPP in their IAPP CIPP-US exam. These outdated questions lead to customers failing their IAPP Certified Information Privacy Professional/United States exam. In contrast, we ensure our question bank includes only precise and up-to-date questions, guaranteeing their presence in your actual exam. Our main priority is your success in the IAPP CIPP-US exam, not profiting from selling obsolete exam questions in PDF or Online Practice Test.

 

Question No. 1

Which of the following accurately describes the purpose of a particular federal enforcement agency?

Correct Answer: D

The FTC is the primary federal agency responsible for enforcing privacy and data security laws in the United States. The FTC has broad jurisdiction over most commercial entities that collect, use, or share personal information from consumers. The FTC Act prohibits unfair or deceptive acts or practices in or affecting commerce, which includes unfair or deceptive privacy practices. The FTC can bring enforcement actions against companies that violate their own privacy policies, fail to provide adequate notice or choice to consumers, engage in unfair or harmful data practices, or breach consumers' reasonable expectations of privacy. The FTC can also issue rules, guidelines, and reports on privacy and data security issues, as well as conduct investigations, workshops, and educational campaigns.

Reference:

IAPP CIPP/US Body of Knowledge, Section I.A.1.a

IAPP CIPP/US Textbook, Chapter 1, pp. 9-12

FTC Privacy and Security Enforcement


Question No. 2

What consumer protection did the Fair and Accurate Credit Transactions Act (FACTA) require?

Correct Answer: B

The Fair and Accurate Credit Transactions Act (FACTA) is a U.S. federal law enacted in 2003 that amended the Fair Credit Reporting Act (FCRA). It introduced a variety of provisions designed to combat identity theft and protect consumer information. One of the key consumer protections required by FACTA is the truncation of credit and debit card numbers on receipts to prevent identity theft.

Details of the Truncation Requirement:

FACTA Section 113 (15 U.S.C. 1681c(g)): Retailers are prohibited from printing more than the last five digits of a credit or debit card number on electronically generated receipts. Additionally, the card's expiration date must also be excluded.

This requirement applies to point-of-sale and other electronically printed receipts and aims to reduce the risk of credit card fraud and identity theft.

Explanation of Options:

A. The ability to correct inaccurate credit report information: This right is protected under the Fair Credit Reporting Act (FCRA), not FACTA specifically.

B. The truncation of account numbers on credit card receipts: This is correct, as it is one of the most notable protections introduced by FACTA to prevent identity theft.

C. The right to request removal from email lists: This right is not provided under FACTA but may be addressed by other laws, such as the CAN-SPAM Act.

D. The issuing of notice when third-party data is used in an adverse decision: This requirement is a provision of the FCRA, not FACTA.

Reference from CIPP/US Materials:

FACTA Section 113 (15 U.S.C. 1681c(g)): Details the truncation requirements for credit and debit card receipts.

IAPP CIPP/US Certification Textbook: Highlights FACTA's measures to protect consumer financial information and prevent identity theft.


Question No. 3

What practice does the USA FREEDOM Act NOT authorize?

Correct Answer: D

The USA FREEDOM Act is a law that was enacted in 2015 to reform the surveillance practices of the U.S. government. The law was a response to the revelations by Edward Snowden about the mass collection of phone records and internet data by the National Security Agency (NSA) under the authority of Section 215 of the USA PATRIOT Act. The USA FREEDOM Act ended the bulk collection of telephone data and internet metadata by the NSA, and instead required the government to obtain a specific order from the Foreign Intelligence Surveillance Court (FISC) to access such data from the telecommunication providers. The law also authorized the following practices:

Emergency exceptions that allow the government to target roamers: The law allows the government to temporarily target a non-U.S. person who is using a phone number or identifier of a U.S. person, without a court order, if there is an emergency situation that involves a threat of death or serious bodily harm. The government must obtain a court order within seven days to continue the surveillance.

An increase in the maximum penalty for material support to terrorism: The law increases the maximum prison term for providing material support or resources to a foreign terrorist organization from 15 years to 20 years.

An extension of the expiration for roving wiretaps: The law extends the sunset date for the roving wiretap provision of the USA PATRIOT Act, which allows the government to obtain a single order from the FISC to conduct surveillance on a target who switches devices or locations, without specifying the device or location. The law extends the expiration date from June 1, 2015 to December 15, 2019.

Reference:

USA FREEDOM Act

USA FREEDOM Act Summary

USA FREEDOM Act FAQs


Question No. 4

Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and he decided it was time to report the incident to the proper authorities.

Depending on where Matt lives, the marketer could be prosecuted for violating which of the following?

Correct Answer: B

The marketer could be prosecuted for violating the Unfair and Deceptive Acts and Practices (UDAP) laws, which are enforced by the Federal Trade Commission (FTC) and state attorneys general. UDAP laws prohibit businesses from engaging in unfair or deceptive practices that harm consumers, such as false advertising, misleading claims, or hidden fees. In this scenario, the marketer could be accused of deceiving children into providing personal information and preferences under the guise of a survey and a contest, without obtaining verifiable parental consent or disclosing how the information will be used or shared. This could also violate the Children's Online Privacy Protection Act (COPPA), which is a federal law that regulates the online collection and use of personal information from children under 13 years of age.

Reference:

IAPP CIPP/US Study Guide, Chapter 5: Enforcement of Privacy and Security, pp. 177-178.

IAPP CIPP/US Body of Knowledge, Section II: Limits on Private-sector Collection and Use of Data, Subsection A: Government and Court Access to Private-sector Information, Topic 2: Unfair and Deceptive Trade Practices.

IAPP CIPP/US Practice Questions, Question 27.


Question No. 5

A California resident has created an account on your company's online food delivery platform and placed several orders in the past month. Later she submits a data subject request to access her personal information under the California Privacy Rights Act.

Based on the CPR

Correct Answer: A, A

Under the California Privacy Rights Act (CPRA), which amends the California Consumer Privacy Act (CCPA), California residents have the right to request access to their personal information collected by a business. However, the CPRA provides an exception for inferences made about an individual for internal purposes, meaning businesses are not obligated to disclose inferences generated solely for internal use.

Key Points Under the CPRA:

Access to Personal Information:

Businesses must provide consumers with access to personal information they have collected, which includes data submitted by the consumer and other information directly associated with the consumer.

Exception for Inferences:

Inferences made about a consumer, particularly when used for internal purposes (e.g., improving services, analytics, or predicting preferences), are not explicitly required to be disclosed under the CPRA unless they are part of the consumer's profile or used for decision-making purposes that affect the consumer.

Examples of Data to Be Provided:

Information provided by the consumer (e.g., email address, account information).

Automatically collected information (e.g., timestamps, purchase history).

Identifiers (e.g., loyalty account numbers).

Explanation of Options:

A. Inferences made about the individual for the company's internal purposes: This is correct. Inferences generated for internal use are not considered part of the data set that must be disclosed in response to a CPRA data access request.

B. The loyalty account number assigned through the individual's use of the services: Loyalty account numbers are directly associated with the consumer and must be provided in response to an access request under the CPRA.

C. The time stamp for the creation of the individual's account in the platform's database: This information is part of the consumer's account data and must be disclosed under the CPRA.

D. The email address submitted by the individual as part of the account registration process: This is personal information directly provided by the consumer and must be disclosed under the CPRA.

Reference from CIPP/US Materials:

CPRA (Civil Code 1798.140): Defines personal information and exceptions for internal use, including inferences.

IAPP CIPP/US Certification Textbook: Discusses consumer rights under the CPRA, including access rights and the treatment of inferences.