CIPM Exam Prep Questions & Answers
What are the overarching objectives to first establish a privacy program? - ANS -
1) Define Vision
2) Set privacy strategy
3) Develop the team and methods to measure
Secondary:
1) Set expectations
2) Ensure daily operations align with objectives
3) Grant Power
Developing Company Vision Steps - ANS -
1) Mission Statement: a short statement (2-4 sentences) on why you make the privacy decisions you do and what it is that you do; it shows the value placed on privacy, defines objectives and defines roles
2) Develop Privacy Program Scope: to develop scope, you must identify the data, the sources of data, the law, the information privacy and security minimum requirements within such law, and the repercussions for failing to conform
3) Obtain executive sponsorship for the program
Primary Concern of In-House Privacy Professional - ANS - Ensure all laws, regulations, contractual commitments and industry practices are followed
Developing Vision > Privacy Program Scope - ANS -
1) Know the law
2) Know the data
Developing Vision > Privacy Program Scope > Know the Data - ANS - Think of the organization as a heat map and/or a plumbing system. The goal is to keep all data within the plumbing without any leaks. In areas of high PI processing, with emphasis on areas of sensitive PI processing, the heat map becomes more intense.
Developing Vision > Privacy Program Scope > Know the Data > Crazy 8 Questions to Ask Regarding Data Processing to Help Define Privacy Program Scope - ANS -
1) Where does it come from and who does it flow to?
2) When is the data collected?
3) What is collected? And how is it collected?
4) Who has access to it? Include third parties.
5) Why is it necessary to have?
6) What is the data being used for?
7) Where is the data stored physically?
8) What are the legal requirements for the data?
Developing Vision > Privacy Program Scope > Know the Data > 6 Legal Questions to Ask to Help Define Program Scope - ANS -
1) What PI does the law cover?
2) What types of people/companies are covered?
3) What are the privacy or security requirements or prohibitions?
4) Who enforces the law?
5) What are the repercussions for failure to abide?
6) Why does the law exist?
High-Level statutory information security requirements that can be found within various U.S. laws - ANS -
1) Infosec program
2) Encryption
3) PI inventory
4) Training
5) "Reasonable infosec"
6) Privacy Officer
7) Breach notice
8) PCI-DSS
9) Authentication
10) Accountability
11) Data destruction
12) Retention limits
13) Collection limits
14) Incident response plan (DR and BC)
15) Risk assessments
16) Third-party evaluation
17) Physical controls
18) Background checks
19) Contractual protections
High-Level statutory information privacy requirements that can be found within various U.S. laws (11 questions) - ANS -
1) Privacy policy
2) Who PI is sent to
3) Why and how it is collected (should include info on cookies, web beacons, URLs, IP addresses, etc.)
4) How it's used
5) Secondary consent for any secondary purpose
6) Description of the data lifecycle: collection, use, purpose, disclosure, retention, deletion
7) Contract clauses
8) Controls on what minors can do
9) Data breach procedures
10) Privacy awareness/education
11) Data subject access, modification, authentication controls
Develop Privacy Program > Set Strategy > Business Alignment > Steps to Implement - ANS -
1) Develop the business case for privacy (risk and operational efficiency)
2) Develop data governance strategy
3) Conduct Privacy Workshop