info 323 test
. An educational institution may disclose which of the following pieces of information about its students as directory information? A. Sexual orientation B. Social security number C. Address D. Income
--C. Address
Which of the following is the primary mechanism that the FTC uses to enforce privacy laws? A. Civil litigation B. Criminal litigation C. Administrative enforcement action D. Declaratory judgments
--C. Administrative enforcement action
The National Do Not Call Registry violations have civil penalties up to what amount per violation?
--$16,000
An employer can discrimiate in their hiring if it is not discriminating against a protected class of citizen. Which person is protected?
--A disabled, gay, Latino, Christian, female veteran.
When enforcing the Gramm-Leach-Bliley Act ("GLBA"), how does the FTC interpret the term "financial institution"? A. A business that is significantly engaged in financial activities B. A lender regulated by federal banking laws C. A bank operating in the United States D. A business whose main function is to lend money
--A. A business that is significantly engaged in financial activities
The FTC recently classified which of the following activities as a deceptive trade practice? A. A patent assertion entity sending letters with misrepresentations to thousands of small businesses stating that they were infringing patents related to digital copiers B. A used car salesman making verbal misrepresentations about the quality of a car he was selling C. A postal carrier intentionally delivering mail to the wrong address D. A bank failing to insure all cash deposits
--A. A patent assertion entity sending letters with misrepresentations to thousands of small businesses stating that they were infringing patents related to digital copiers
Which of the following should be redacted from a document before it is filed with a federal court? A. All but the last four digits of a Social Security or taxpayer-identification number B. All financial accounts numbers C. A minor's initials D. The date of birth of a party
--A. All but the last four digits of a Social Security or taxpayer-identification number
In accordance with the Family Educational Rights and Privacy Act ("FERPA"), which of the following records does* NOT constitute educational records? A. Campus police records B. School employment records C. School discipline records D. Educational transcripts
--A. Campus police records
Which agency is primarily responsible for protecting employee privacy in the United States? A. Federal Trade Commission ("FTC") B. Federal Communications Commission ("FCC") C. Federal Bureau of Investigation ("FBI") D. Office of Supervisory Jurisdiction ("OSJ")
--A. Federal Trade Commission ("FTC")
What are the primary mechanisms for financial institutions to comply with the Bank Secrecy Act? A. Currency Transaction Reports and Suspicious Activity Reports B. Currency Transaction Reports and Compliance Audits C. Compliance Audits Suspicious Activity Reports D. Information Security Audits and Compliance Reports
--A. Currency Transaction Reports and Suspicious Activity Reports
The Communications Assistance for Law Enforcement Act ("CALEA") requires telecommunication providers to do which of the following? A. Design their equipment and services to enable law enforcement officials to conduct electronic surveillance B. Monitor their customers for suspicious activity C. Report suspicious activity to law enforcement D. Protect children under the age of 13 by prohibiting users from collecting personal information related to children.
--A. Design their equipment and services to enable law enforcement officials to conduct electronic surveillance
Which of the following strategies will prevent a company from having to notify residents of a data breach involving personal information? A. Encrypt all personal information, including sensitive personal information B. Ensure that all personal information is protected by adequate safeguards C. Use a firewall to protect all personal information D. Purge all personal information after one year
--A. Encrypt all personal information, including sensitive personal information
When interviewing an applicant for an open position, an organization may ask which of the following questions without violating antidiscrimination laws? A. If the applicant is currently using illegal drugs B. If the applicant was born in the United States C. If there are any religious holidays that the candidate will need to take off from work if hired D. If the applicant is married
--A. If the applicant is currently using illegal drugs
Which of the following agencies does NOT presently have the power to issue regulations related to consumer privacy? A. Office of the Comptroller of Currency ("OCC") B. Federal Trade Commission ("FTC") C. Consumer Financial Protection Board("CFPB") D. Federal Communication Commission ("FCC")
--A. Office of the Comptroller of Currency ("OCC")
The California Online Privacy Protection Act ("CalOPPA") was amended in 2013 to address what issue? A. Online tracking B. Social networking C. Unsolicited commercial email D. Credit card fraud
--A. Online tracking
Which of the following is an example of a self-regulatory organization? A. PCI Security Standards Council B. Office of the Comptroller of the Currency C. Office of Thrift Supervision D. The National Credit Union Administration
--A. PCI Security Standards Council
What is the basic rule for processing protected health information under the Health Insurance Portability and Accountability Act ("HIPAA")? A. Patients must opt in before their protected health information is shared with other organizations unless the purpose is for treatment, payment, or healthcare operations B. Patients must opt out to prevent their protected health information from being shared with other organizations unless the purpose is for treatment, payment, or healthcare operations C. Processing of protected health information is prohibited for all purposes without opt-in consent D. Processing of protected health information is prohibited for all purposes without opt-out consent
--A. Patients must opt in before their protected health information is shared with other organizations unless the purpose is for treatment, payment, or healthcare operations
Which of the following in a statute enables an individual to directly bring a lawsuit against a person who violates the statute? A. Private right of action B. Confidentiality provision C. Preemption clause D. Indemnity provision
--A. Private right of action
Which of the following is arguably the most important law protecting privacy in the United States because of its broad scope? A. Section 5 of the FTC Act B. Children's Online Privacy Protection Act (COPPA) C. Foreign intelligence surveillance ACT (FISA) D. Communications Assistance for Law Enforcement ACT (CALEA)
--A. Section 5 of the FTC Act
What standard must be satisfied before the government may install a pen register on a telephone line for surveillance purposes? A. The information likely to be obtained is relevant to an ongoing criminal investigation B. Probably cause exists that the person using the line has committed a crime C. Specific and articulable facts justifying the use of the pen register D. The use of a pen does not constitute a search and therefore may be freely installed by the governments.
--A. The information likely to be obtained is relevant to an ongoing criminal investigation B
What was the original purpose of the Health Insurance Portability and Accountability Act ("HI PAA")? A. To improve the efficiency and effectiveness of the health care system B. To mandate affordable healthcare for all citizens of the United States C. To protect sensitive health information D. To prevent pharmaceutical companies from charging unfair prices for lifesaving medication
--A. To improve the efficiency and effectiveness of the health care system
Which of the following may be classified as an unfair trade practice by the Federal Trade Commission ("FTC")? A. Website's privacy notice clearly states that it will not encrypt sensitive personal information, and the website does not, in fact, encrypt the data B. An organization promises to honor opt-out requests within 10 days but fails to honor opt-out requests C. A rogue employee steals credit card information even though the organization took reasonable precautions to protect the credit card information D. A federally insured bank does not comply with a regulation prohibiting the bank from revealing information about its customers
--A. Website's privacy notice clearly states that it will not encrypt sensitive personal information, and the website does not, in fact, encrypt the data
In accordance with the Bank Secrecy Act, under which circumstance must a financial institution file a suspicious activity report? A. When the bank detects a suspicious transaction of $25,000 even if the bank does not know the identity of the perpetrator B. For all transactions over $10,000 C. For all transactions over $5,000 D. When the bank detects a suspicious cash transaction of $1,000 coupled with a credit transaction of $3,000
--A. When the bank detects a suspicious transaction of $25,000 even if the bank does not know the identity of the perpetrator
What types of educational records are not covered by FERPA?
--Alumni.
How promptly must businesses that send unsolicited commercial emails process opt-out requests received from consumers? A. 7 days B. 10 days C. 30 days D. 45 days
--B. 10 days
A company with an existing business relationship with a consumer may call the consumer for up to how long after the consumer's last purchase? A. 12Months B. 18months C. 24 months D. There is no limit so long as there is an existing business relationship
--B. 18months
The Telemarketing Sales Rule defines "telemarketing" as which of the following? A. An automated telephone call to a consumer for the purposes of effectuating a sale B. A plan, program, or campaign to induce the purchase of goods or services or a charitable contribution involving more than one interstate telephone call C. The solicitation of goods or services through one or more telephones D. A plan or program to induce the purchase of goods (excluding charitable contributions) involving more than one interstate telephone call
--B. A plan, program, or campaign to induce the purchase of goods or services or a charitable contribution involving more than one interstate telephone call
Which of the following would be classified as a deceptive trade practice by the FTC? A. A website's privacy notice clearly states that it will not encrypt sensitive personal information, and the website does not, in fact, encrypt the data B. An organization promises to honor opt-out requests within 10 days but fails to honor opt-out requests. C. A rogue employee steals credit card information even though the organization took reasonable precautions to protect the credit card information D. A bank does not comply with a regulation prohibiting the bank from revealing information about its customers
--B. An organization promises to honor opt-out requests within 10 days but fails to honor opt-out requests.
The Federal Trade Commission ("FTC") was originally founded to enforce which body of law? A. Employee privacy B. Antitrust C. Tax and banking D. International trade
--B. Antitrust
The Children's Online Privacy Protection Act ("COPPA") prevents website operators from performing which of the following activities? A. Creating a website with content designed for children under 13 yrs of age. B. Collecting personal information from children under 13 yrs of age C. Displaying a picture of a child after obtaining verifiable parental consent D. Operating a website that is geared towards children in the united states with servers located outside the US.
--B. Collecting personal information from children under 13 years of age
The Health Insurance Portability and Accountability Act ("HIPAA") applies to whom? A. Domestic health institutions B. Covered entities and their business associates C. Book publishers of medical information D. Domestic financial institutions
--B. Covered entities and their business associates
Which of the following is NOT mandated by the Privacy Rule of the Health Insurance Portability and Accountability Act ("HIPAA")? A. Covered entities with a direct treatment relationship with a patient must provide the patient with a privacy notice before the first service encounter B. Covered entities must use and disclose protected health information for treatment, payment, and healthcare operations C. Covered entities must train all workforce members on its privacy policies and procedures, as necessary and appropriate for them to carry out their functions D. A covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information
--B. Covered entities must use and disclose protected health information for treatment, payment, and healthcare operations
Domestic financial institutions are required to provide an annual privacy notice to which of the following? A. Consumers B. Customers C. Employees D. Contractors
--B. Customers
Which branch U.S. government is responsible for enforcing laws? A. Legislative B. Executive C. Judicial D. Administrative
--B. Executive
The Red Flags Rule is designed to combat what type of activity? A. Acquisition of personal information from minors B. Identity theft C. inappropriate disclosure of financial information D. Transfer of personal information out of the United States
--B. Identify theft
Which of the following practices was NOT implemented by the Fair and Accurate Credit Transactions Act ("FACTA")? A. Consumers have the right to obtain one free copy of their credit report from each of the three major national credit bureaus every 12 months B. Merchants may print the first 4 digits of a credit card number on a receipt C. Implemented the Disposal Rule to ensure that proper disposal of information in consumer reports and records are protected against unauthorized access to or use of the information. D. Implemented the Red Flags Rule to help combat identity theft
--B. Merchants may print the first 4 digits of a credit card number on a receipt
Which of the following companies was directed by the Federal Trade Commission ("FTC") to implement a comprehensive information security program for allegedly carrying out a deceptive trade practice with respect to its Passport web service? A. Google B. Microsoft C. Gateway Learning D. GeoCities
--B. Microsoft
. Which of the following is an example of personal information from a public record? A. Health plan number from an insurance card B. Name and address of an owner of a piece of real estate from a real estate deed C. Driver's license number from a government issued citation D. Genetic information from a private genome project
--B. Name and address of an owner of a piece of real estate from a real estate deed
In accordance with the Health Insurance Portability and Accountability Act ("HIPAA"), the Department of Health and Human Services ("HHS") has promulgated which of the following rules to address the handling of protected health information? A. Transaction Rule and Equal Access Rule B. Privacy Rule and the Security Rule C. Privacy Rule and Equal Access Rule D. Security Rule and the Notification Rule
--B. Privacy Rule and the Security Rule
When a website operator states in its privacy notice that it will not share financial information with third parties and then shares financial information with a third-party affiliate, what recourse may occur? A. The FTC may bring an action against the operator for unfair competition B. The FTC may bring an action against the operator for a deceptive trade practice C. A user of the website may bring a criminal complaint against the operator D. The FTC may bring an action under Section 7 of the FTC Act
--B. The FTC may bring an action against the operator for a deceptive trade practice
Which of the following occurred as a result of Health Information Technology for Economic and Clinical Health ("HITECH") Act? A. Covered entities were required to enter into written contracts with business associates ensuring privacy and security of protected health information B. The HIPAA Security Rule was extended to business associates of covered entities C. Covered entities were required to take reasonable steps to limit the use or disclosure of, and requests for, protected health information to the minimum necessary to accomplish the intended purpose D. Covered entities were required to take appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information
--B. The HIPAA Security Rule was extended to business associates of covered entities
When an employer obtains an investigative consumer report on an employee suspected of misconduct, which of the following is required? A. The employer must provide advance notice of the investigation to the employee B. The employer must provide a summary of the nature and scope of the investigation if adverse action is taken as a result of the investigation C. The employer must obtain the employee's consent to the investigation D. The employer must certify to the consumer reporting agency that the necessary notices have been provided to the employee
--B. The employer must provide a summary of the nature and scope of the investigation if adverse action is taken as a result of the investigation
Which of the following is considered a best practice after terminating an employee? A. The employer should allow the employee a minimum of two weeks to collect his belongings and return all corporate assets B. The employer should restrict or terminate the employee's access to the company's informational assets and collect all computing devices storing company information, including personal information C. The employer should immediately change all administrator passwords and delete the employee's user account D. The employer should forward all mail directed to the former employee to the former employee's new mailing address
--B. The employer should restrict or terminate the employee's access to the company's informational assets and collect all computing devices storing company information, including personal information
What is the original purpose of bank secrecy laws? A. To enable banks to better share information B. To protect customer's personal and financial information C. To permit access of financial data by government authorities for national security purposes D. To ensure creditors have appropriate access to a debtor's financial information
--B. To protect customer's personal and financial information
When may the government rightfully seize work product materials from a journalist? A. When there is reason to believe that the seizure of the materials may prevent harm B. When there is probable cause to believe that the journalist has committed a criminal offense to which the materials relate C. When the source of the materials has provided consent D. Never; the work product of a journalist is unconditionally protected
--B. When there is probable cause to believe that the journalist has committed a criminal offense to which the materials relate
. Violations of the Children's Online Privacy Protection Act ("COPPA") may result in a civil fine of how much per violation? A. $1,000 B. $10,000 C. $16,000 D. $100,000
--C. $16,000
In accordance with the Fair Credit Reporting Act ("FCRA"), willful violations of the Act are punishable by a statutory maximum penalty of how much per violation? A.$500 B.$2,000 C. $2,500 D.There is no limit
--C. $2,500
In accordance with the Fair Credit Reporting Act ("FCRA"), what is an investigative consumer report? A. Factual information on a consumer's credit record obtained directly from a creditor of the consumer or from a consumer reporting agency B. A consumer report containing information about a consumer's past employment C. A consumer report containing information on a consumer's character, general reputation, personal characteristics, or mode of living that is obtained through personal interviews D. A report generated by a third-party investigator relating to a consumer's health
--C. A consumer report containing information on a consumer's character, general reputation, personal characteristics, or mode of living that is obtained through personal interviews
Which of the following types of calls are NOT regulated by the National Do Not Call Registry? A. Calls to consumers living in Puerto Rico and the District of Columbia B. Automated telephone calls C. Calls from political organizations, charities, telephone surveyors, or companies with which a consumer has an existing business relationship D. Calls made manually without the assistance of an automated dialer
--C. Calls from political organizations, charities, telephone surveyors, or companies with which a consumer has an existing business relationship
. When requesting a consumer's consent to make unsolicited pre-recorded telemarketing calls ("robocalls") to the consumer, what standard is used to evaluate the propriety of the notice? A. Reasonable B. Clear and convincing C. Clear and conspicuous D. Beyond a reasonable doubt
--C. Clear and conspicuous
Which of the following is NOT a source of American law? A. Regulatory bodies B. Legislature C. Common law D. Court decisions
--C. Common law
. Which of the following is a type of agreement issued by an administrative agency in which the defendant agrees to stop the alleged illegal activity without admitting fault? A. Subpoena B. Judgment C. Consent decree D. National security letter
--C. Consent decree
The Disposal Rule contained in the Fair and Accurate Credit Transactions Act ("FACTA") applies to which type of documents? A. Educational records B. Financial data C. Consumer reports and records D. Employee evaluations
--C. Consumer reports and records
The Privacy Protection Act ("PPA") protects which of the following? A. A promotional flyer created by a religious institution B. An article written by a student at an educational institution for internal dissemination C. Documentary material held by a journalist D. A book published by the government
--C. Documentary material held by a journalist
Which of the following organizations promotes cross-border information sharing and enforcement efforts for privacy authorities across the world? A. International Organization for Standardization ("ISO") B. Asia-Pacific Economic Cooperation ("APEC") C. Global Privacy Enforcement Network ("GPEN") D. Union of International Associations ("UIA")
--C. Global Privacy Enforcement Network ("GPEN")
Which of the following are types of risk associated with the improper use of personal information? A. Statutory risk and environmental risk B. Legal risk and implicit risk C. Legal risk and reputational risk D. Investment risk and inherent risk
--C. Legal risk and reputational risk
Which of the following is one of the main purposes of the Fair Credit Reporting Act (FCRA)? A. Give employers the right to correct credit reports for their employees. B. Encourage the dissemination of consumer data to foreign companies with a need to know the data. C. Limit the use of consumer reports to permissible purposes D. Allow data reporters to place a debt on a consumer's credit report if they have a reasonable suspicion of the debts.
--C. Limit the use of consumer reports to permissible purposes
97. Domestic financial institutions are required to provide the customer with the opportunity to opt out of sharing what type of information with unaffiliated third-parties? A. Personal information B. Publicly available information C. Non-public personal information D. De-identified personal information
--C. Non-public personal information
The Children's Online Privacy Protection Act ("COPPA") applies to whom? A. Operators of websites soliciting business in the United States B. Operators of websites soliciting financial information from customers in the United States C. Operators of commercial websites that are directed to children under 13 years of age D. Operators of commercial websites that are directed to children under 18 years of age
--C. Operators of commercial websites that are directed to children under 13 years of age
Which of the following states have a data breach notification law that mandates the notice contain the approximate date of the breach? A. Massachusetts B. California C. Oregon D. New York
--C. Oregon
The Gramm-Leach-Bliley Act ("GLBA") prohibits which of the following practices? A. Sharing of personal information B. Transfer of financial accounts to financial institutions located outside the United States C. Pretexting D. Lending of money to individuals residing overseas
--C. Pretexting
In civil litigation, what is the appropriate mechanism for a party to contest the scope of a discovery request seeking confidential information that would cause serious injury to the party if disclosed? A. Motion to compel B. Subpoena C. Protective order D. Judgment on the merits
--C. Protective order
Common law is derived from which of the following? A. Statutes created by the legislature B. The United States Constitution C. Societal customs and expectations D. Executive orders
--C. Societal customs and expectations
Which of the following is NOT a requirement of the Fair Credit Reporting Act ("FCRA")? A. Consumer reporting agencies furnish consumer reports only to persons having a permissible purpose B. Users of consumer reports certify to the consumer reporting agency their permissible purpose and also certify that the information contained in the consumer report will not be used for any other purpose C. State consumer reporting agencies must provide consumers with a free copy of their credit report every year D. If a user takes any adverse action based on information contained in a consumer report, the user must provide notice of the adverse action to the consumer
--C. State consumer reporting agencies must provide consumers with a free copy of their credit report every year
The Do Not Call Registry applies to what type of marketing? A. Email marketing B. Unsolicited commercial messages C. Telemarketing D. Online marketing
--C. Telemarketing
Which of the following cannot be included in the notification letter to affected residents after discovery of a data breach in accordance with Massachusetts law? A. Information about the consumer's right to obtain a police report B. Information on how the affected individual can obtain a credit freeze C. The number of residents affected by the breach D. Contact information for national consumer reporting agencies
--C. The number of residents affected by the breach
Which of the following statements accurately describe National Security Letters ("NSLs")? A. They may only be issued by officials in FBI headquarters B. They may only request information pertaining to a foreign power or the agent of a foreign power C. They do not require prior judicial authorization D. They may not contain nondisclosure provisions prohibiting the recipient from disclosing the contents of the letter
--C. They do not require prior judicial authorization
The Children's Online Privacy Protection Act ("COPPA") was enacted to primarily prevent which of the following activities? A. To prevent children from using a parent's credit card information without consent B. To protect the privacy of children under 18 years of age C. To protect children from malicious or abusive users of interactive online services D. To educate parents about the danger of the Internet
--C. To protect children from malicious or abusive users of interactive online services
May an operator of a general audience website rely on age information submitted by its users to determine if it must comply with the Children's Online Privacy Protection Act ("COPPA")? A. No, COPPA applies to all general audience websites with users under the age of 13 B. No, an operator will be deemed to have knowledge of the true age of all website users regardless of user-submitted age information C. Yes, the operator may rely on user-submitted age information unless he has actual knowledge that a child under the age of 13 is using the website D. Yes, the operator may rely on user-submitted age information even if he has actual knowledge that children under the age of 13 are using the website
--C. Yes, the operator may rely on user-submitted age information unless he has actual knowledge that a child under the age of 13 is using the website
In accordance with the Family Educational Rights and Privacy Act ("FERPA"), a school must provide parents or eligible students with their educational records within how many days of a request for the records? A.10 days B.30 days C.45 days D.90 days
--C.45 days
In accordance with the Fair Credit Reporting Act ("FCRA"), a consumer is entitled to a free copy of his credit report if he requests the report within how many days after an adverse action? A.30 days B.45 days C.60 days D.120 days
--C.60 days
. An operator of which of the following is regulated by the Children's Online Privacy Protection Act ("COPPA")? A. A general audience website that provides online games B. A mobile application for paying utility bills C. A social networking service directed to children over 13 D. A general audience website that provides online games when the operator has knowledge that the games are being played by children under the age of 13
--D. A general audience website that provides online games when the operator has knowledge that the games are being played by children under the age of 13
California's security breach notification law requires which entities to disclose a breach of security of unencrypted personal information to California residents? A. Only companies physically located in California B. Only state agencies C. Only companies that conduct business in California D. All state agencies and companies that conduct business in California
--D. All state agencies and companies that conduct business in California
Which of the following is NOT a major step when developing an effective information management program? A. Discover B. Build C. Communicate D. Compensate
--D. Compensate
The Gramm-Leach-Bliley Act ("GLBA") applies to which organizations? A. All organizations that process financial data B. Financial organizations with more than 10,000 customers C. All organizations regulated by the Department of Commerce D. Domestic financial institutions
--D. Domestic financial institutions
Which of the following accurately describes an employer's ability to conduct video surveillance of its employees? A. Employers may conduct video surveillance of their employees as long as the employer has a legitimate business interest in the surveillance B. Employers may never conduct video surveillance of their employees because it constitutes an invasion of privacy C. Employers may conduct video surveillance of their employees after obtaining consent from the manager of the employees D. Employers may generally conduct video surveillance of their employees as long as the surveillance is not in a private place where employees have an expectation of privacy
--D. Employers may generally conduct video surveillance of their employees as long as the surveillance is not in a private place where employees have an expectation of privacy
Which of the following agencies is NOT responsible for enforcing a violation of the Genetic Information Nondiscrimination Act ("GINA")? A. Department of Labor B. Department of Health and Human Services ("HSS") C. Equal Employment Opportunity Commission ("EEOC") D. Federal Trade Commission("FTC")
--D. Federal Trade Commission("FTC")
. Which of the following is NOT a permissible purpose for a consumer reporting agency to furnish a consumer report? A. In accordance with the written instructions of the consumer to whom it relates B. To a person who intends to use the information in connection with a credit transaction involving the consumer C. In response to an order of a court D. For verification of eligibility for Social Security
--D. For verification of eligibility for Social Security
Which of the following companies allegedly committed an unfair trade practice by retroactively changing their privacy policy to permit the sharing of personal information without notifying its users? A. Microsoft B. Eli Lilly C. Google D. Gateway Learning
--D. Gateway Learning
. The Genetic Information Nondiscrimination Act ("GINA") prohibits discrimination based on genetic information for which type of insurance? A. Life insurance B. Disability insurance C. Long-term care insurance D. Health insurance
--D. Health insurance
Which of the following may be considered personal information? A. Financial data of an organization B. Intellectual property of an organization C. Operational data of an organization D. Human resources data of an organization
--D. Human resources data of an organization
FERPA allows disclosure of PII for the following: (Check all that apply) a. to determine financial aid eligibility. b. to another educational institution for enrollment. c. to comply with a judicial order. d. if disclosure is to the alleged victim of a forcible or nonforcible sex offense. e. to school officials who have a "legitimate and educational interest" in the records. f. to appropriate parties in connection with a "health or safety emergyecy" to protect the student or others.
--all apply
What is the main purpose of the Fair Credit Reporting Act ("FCRA")? A. Enable data reporters to efficiently report valid debts on a consumer's credit report B. Allow employers to quickly access financial data of their employees C. Increase the ability of the government to access consumer reports of suspected criminals D. Increase the accuracy and fairness of credit reporting and limit the use of consumer reports to permissible purposes
--D. Increase the accuracy and fairness of credit reporting and limit the use of consumer reports to permissible purposes
Which of the following is considered a best practice when an organization is considering posting employee photographs on its internal intranet website? A. Process all employee requests to take down their photograph within 5 business days of receiving the request B. Require written consent from employees after posting their photographs C. Request a photograph from each employee before the employee is hired and obtain consent for posting the photograph in the employment agreement D. Obtain the employee's consent before posting the photograph
--D. Obtain the employee's consent before posting the photograph
Which of the following is NOT regulated by the Children's Online Privacy Protection Act (COPPA)? A. Online contact information B. A screen name that functions as online contact information C. A photograph of a child D. Pornography
--D. Pornography
Which of the following is NOT a primary impact of the USA PATRIOT Act? A. Enhancing the federal government's capacity to share intelligence. B. Strengthening the criminal laws against terrorism. C. Removing obstacles to investigating terrorism D. Preventing foreign nationals from traveling to the United States
--D. Preventing foreign nationals from traveling to the United States
Which of the following is NOT a type of safeguard mandated by the Security Rule of the Health Insurance Portability and Accountability Act ("HIPAA")? A. Technical B. Administrative C. Physical D. Procedural
--D. Procedural
Which of the following is NOT exempt from disclosure under the Freedom of Information Act ("FOIA")? A. Records containing trade secrets B. Records containing the location of oil wells C. Records describing the data handling practices of financial institutions D. Records pertaining to federal regulatory agencies, federal employees, and federal agents
--D. Records pertaining to federal regulatory agencies, federal employees, and federal agents
. Which of the following types of information is NOT protected by the Genetic Information Nondiscrimination Act ("GINA")? A. The results of an individual's genetic tests B. The manifestation of a disease or disorder in family members C. A request for, or receipt of, genetic services D. Sex or age of an individual
--D. Sex or age of an individual
Which of the following is not a right set forth in the Consumer Privacy Bill of Rights introduced by the Obama administration? A. Access and accuracy B. Transparency C. Security D. Simplicity
--D. Simplicity
If a third-party telemarketer acting on behalf of a charity calls a consumer, how may the consumer prevent the third-party telemarketer from calling him again in the future? A. Register his phone number with the National Do Not Call Registry B. Call the local police department and file a formal complaint C. File a formal complaint with the Federal Bureau of Investigation D. Specifically ask the third-party telemarketer not to call again and to place his number on the telemarketer's entity-specific do not call list
--D. Specifically ask the third-party telemarketer not to call again and to place his number on the telemarketer's entity-specific do not call list
Which of the following correctly describes the Gramm-Leach-Bliley Act ("GLBA")? A. The Act is based on the permissible purpose approach to privacy B. The Act covers all financial information, including publicly available information C. The Act requires opt-in consent when sharing financial information with unaffiliated third parties D. The Act establishes a complicated set of privacy and security requirements for domestic financial institutions
--D. The Act establishes a complicated set of privacy and security requirements for domestic financial institutions
The National Do Not Call Registry is primarily enforced by which two entities? A. Department of Transportation and the FTC B. U.S. Department of Justice and the FTC C. Department of Commerce and the FCC D. The FTC and FCC
--D. The FTC and FCC
In accordance with the Fair Credit Reporting Act ("FCRA"), willful disclosure of financial information in violation of the Act is punishable by a penalty of how much? A. $500 B. $2,000 C. $2,500 D. There is no limit
--D. There is no limit
. What was the primary purpose for creating the National Do Not Call Registry? A. To mandate affirmative consumer consent before any entity may conduct a telemarketing call B. To prohibit telemarketing calls placed late at night or during dinner time C. To prohibit all telemarketing calls D. To offer consumers a choice regarding telemarketing calls
--D. To offer consumers a choice regarding telemarketing calls
In accordance with the Electronic Communications Privacy Act ("ECPA"), when may a person lawfully monitor another's telephone call? A. Only when both parties to the call have given their consent B. Monitoring telephones call is illegal under all circumstances C. Ten days after providing notice of the monitoring to both parties of the call D. When one of the parties to the call has given his consent
--D. When one of the parties to the call has given his consent
83. The CAN-SPAM Act applies to what type of electronic messages? A. Where the secondary purpose of the message is transactional B. Where the secondary purpose of the message is commercial C. Where the primary purpose of the message is transactional D. Where the primary purpose of the message is commercial
--D. Where the primary purpose of the message is commercial
FERPA applies to all educational institutions that receive federal funding.
--TRUE
The FCC in 2012 amended rules to allow health care related entities governed by HIPPA to use robocalling.
--TRUE
According to the Right to Financial Privacy Act, the government cannot access a person's financial records unless the request is reasonably specific and what condition is met? a. the customer authorizes access. b. the records are subject to a subpoena or search warrant. c. there's an appropriate written request from an authorized government authority. d. a or b, above. e. none of the above. f. any of the above
--f. any of the above.