Cybersecurity MIS 399 - Chapter 25 (Quiz 12)
Which data destruction method is considered to be one of the gold standard methods? A. Shredding B. Degaussing C. Burning D. Wiping
Burning
__________ requires that sites obtain parental permission, post a privacy policy detailing specifics concerning information collected from children, and describe how the children's information will be used. A. VPPA B. FERPA C. COPPA D. CFAA
COPPA
__________ are responsible for the day-to-day caretaking of data. A. Data creators B. Data custodians C. Data owners D. Privacy officers
Data custodians
Which act requires credit agencies to perform timely investigations on inaccuracies reported by consumers? A. FCRA B. PCI DSS C. FACTA D. GBLA
FCRA
A school principal allows student information to be accessed by a marketing company in exchange for goods and services for the school. The principal may have violated which law? A. Privacy Act of 1974 B. FOIA C. FERPA D. FACTA
FERPA
Which law was designed to enable public access to U.S. government records? A. Privacy Act of 1974 B. FOIA C. FERPA D. FACTA
FOIA
T/F? Data wiping is destructive to the media.
False
T/F? Privacy laws as they relate to education are very recent phenomena.
False
A patient's medical records are shared with a third party who is not a medical professional and without the patient's approval. Which law may have been violated? A. FERPA B. FOIA C. HIPAA D. The Medical Records Security and Safety Act
HIPAA
What does the privacy-enhancing technology called cookie cutter do? A. It makes copies of your information for safekeeping. B. It makes sure when you connect to sites you use the same appropriate information. C. It prevents the transfer of cookies between browsers and web servers. D. It is used by servers to prevent the use of unnecessary cookies.
It prevents the transfer of cookies between browsers and web servers.
Which contractual regulation is a standard that provides guidance on what elements of a credit card transaction need protection and the level of expected protection? A. FCRA B. PCI DSS C. FACTA D. GBLA
PCI DSS
Which term refers to a structured approach to determining the gap between desired privacy performance and actual privacy performance? A. Personal impact assessment B. Privacy information assessment C. Personal privacy assessment D. Privacy impact assessment
Privacy impact assessment
What is the mechanism for self-regulation that can be enforced through trade practice law via the FTC? A. PII protection B. Safe Sailing C. Safe Harbor D. Harbor Protection
Safe Harbor
In the United States, the primary path to privacy is via __________, whereas in Europe and other countries, it is via __________. A. opt-in; opt-in B. opt-in; opt-out C. opt-out; opt-out D. opt-out; opt-in
opt-out; opt-in
The EU has developed a comprehensive concept of privacy, which is administered via a set of statutes known as __________. A. privacy protection B. data protection C. PII protection D. ID theft protection
data protection
T/F? The Fair and Accurate Credit Transactions Act (FACTA) mandates that information that is no longer needed must be properly disposed of or irreversibly destroyed.
True
T/F? The development of a privacy policy is an essential foundational element of a company's privacy stance.
True
T/F? The three words that can govern good citizenry when collecting PII are notice, choice, and consent.
True
T/F? Video Privacy Protection Act (VPPA) is considered to be the strongest U.S. privacy law by many privacy advocates.
True
A video rental store shares its customer database with a private investigator. The rental store may have violated which law? A. COPPA B. VPPA C. FERPA D. CFAA
VPPA
