Security+ Chapter 25
Which law prohibits the collection of information from children on web sites? - VPPA - FERPA - COPPA - CFAA
COPPA
Which of the following countries has a long reputation of poor privacy practices? - England - Japan - China - United States
China
The EU has developed a comprehensive concept of privacy, which is administered via a set of statutes known as what? - Privacy protection - Data protection - PII protection - ID theft protection
Data protection
Which law mandates that information that is no longer needed must be properly disposed of, either by burning, pulverizing, or shredding? - FCRA - PCI DSS - FACTA - GBLA
FACTA
Which act requires credit agencies to perform timely investigations on inaccuracies reported by consumers? - FCRA - PCI DSS - FACTA - GBLA
FCRA
A school principle allows for student information to be accessed by a marketing company in exchange for goods and services for the school. The principle may have violated which law? - Privacy Act of 1974 - FOIA - FERPA - FACTA
FERPA
Which law was designed to enable public access to US government records? - Privacy Act of 1974 - FOIA - FERPA - FACTA
FOIA
FCRA is designed to protect educational records of students at the K-12 level. True or False
False
FERPA was designed to enable public access to US government records. True or False
False
In order to identify a specific individual, the entire set of PII must be disclosed. True or False
False
Privacy laws as they relate to education are very recent phenomena. True or False
False
The governments in Europe and the United States have taken the same approach to controlling privacy through legislation. True or False
False
A patient's medical records are shared with a third party who is not a medical professional and without the patient's approval. Which law may have been violated? - FERPA - FOIA - HIPAA - The Medical Records Security and Safety Act
HIPAA
Which of the following is a standard that provides guidance on the elements of a credit card transaction that needs protection and the level of expected protection? - FCRA - PCI DSS - FACTA - GBLA
PCI DSS
A privacy-enhancing technology called cookie cutter does which of the following? - Makes copies of your information for safe keeping - Makes sure when you connect to sites you use the same appropriate information - Prevents the transfer of cookies between browsers and web servers. - Is used by server to prevent the use of unnecessary cookies
Prevents the transfer of cookies between browsers and web servers.
A structured approach to determining the gap between desired privacy performance and actual privacy performance is called - Personal impact assessment - Privacy information assessment - Personal privacy assessment - Privacy impact assessment
Privacy impact assessment
Which of the following is true about the Family Education Records and Privacy Act of 1974? - Extends the tap-and-trace provisions of existing wiretap statutes to the Internet, and mandated certain technological modifications at ISPs to facilitate electronic wiretaps on the Internet - Protects student records from being accessed by anyone other than the student or student's family - Makes it a violation of federal law to knowingly use another's identity - Implements the principle that a signature, contract, or other record may not be - Denies legal effect, validity, or enforceability solely because it is electronic form
Protects student records from being accessed by anyone other than the student or student's family
What is the mechanism for self-regulation that can be enforced through trade practice law via the FTC called? - PII protection - Safe sailing - Safe Harbor - Harbor protection
Safe Harbor
In the United States the primary path to privacy is _______. In Europe the primary path to privacy is _________. - opt-in; opt-in - opt-in; opt-out - opt-out; opt-out - opt-out; opt-in
opt-out; opt-in
A video rental store shares its customer database with a private investigator. The rental store may have violated which law? - COPPA - VPPA - FERPA - CFAA
VPPA
FACTA mandates that information that is no longer needed must be properly disposed of. True or False
True
In the United States, the primary path to privacy is via opt-out, whereas in Europe and other countries, it is via opt-in. True or False
True
The development of a privacy policy is an essential foundational element of a company's privacy stance. True or False
True
The three things that should govern how good citizenry collects PII are notice, choice, and consent. True or False
True
VPAA is considered to be the strongest US privacy law by many privacy advocates. True or False
True
