Free IAPP CIPP-C Exam Questions
Absolute Free CIPP-C Exam Practice for Comprehensive Preparation
-
IAPP CIPP-C Exam Questions
-
Provided By: IAPP
- Exam: Certified Information Privacy Professional/ Canada (CIPP/C)
- Certification: IAPP Certification Programs
-
Total Questions: 152
-
Updated On: Mar 13, 2026
-
Rated: 4.9 |
-
Online Users: 304
-
Question 1
-
A covered entity suffers a ransomware attack that affects the personal health information (PHI) of more than
500 individuals. According to Federal law under HIPAA, which of the following would the covered entity
NOT have to report the breach to?
Answer: D
-
A covered entity suffers a ransomware attack that affects the personal health information (PHI) of more than
500 individuals. According to Federal law under HIPAA, which of the following would the covered entity
NOT have to report the breach to?
-
Question 2
-
Under the Fair and Accurate Credit Transactions Act (FACTA), what is the most appropriate action for a car
dealer holding a paper folder of customer credit reports?
Answer: C
-
Under the Fair and Accurate Credit Transactions Act (FACTA), what is the most appropriate action for a car
dealer holding a paper folder of customer credit reports?
-
Question 3
-
SCENARIOPlease use the following to answer the next QUESTIONFelicia has spent much of her adult life overseas, and has just recently returned to the U.S. to help her friendCeleste open a jewelry store in California. Felicia, despite being excited at the prospect, has a number ofsecurity concerns, and has only grudgingly accepted the need to hire other employees. In order to guardagainst the loss of valuable merchandise, Felicia wants to carefully screen applicants. With their permission,Felicia would like to run credit checks, administer polygraph tests, and scrutinize videos of interviews. Sheintends to read applicants’ postings on social media, ask QUESTION NO:s about drug addiction, and solicitcharacter references. Felicia believes that if potential employees are serious about becoming part of a dynamicnew business, they will readily agree to these requirements.Felicia is also in favor of strict employee oversight. In addition to protecting the inventory, she wants toprevent mistakes during transactions, which will require video monitoring. She also wants to regularly checkthe company vehicle’s GPS for locations visited by employees. She also believes that employees who use theirown devices for work-related purposes should agree to a certain amount of supervision.Given her high standards, Felicia is skeptical about the proposed location of the store. She has been told thatmany types of background checks are not allowed under California law. Her friend Celeste thinks theseworries are unfounded, as long as applicants verbally agree to the checks and are offered access to the results.Nor does Celeste share Felicia’s concern about state breach notification laws, which, she claims, would becostly to implement even on a minor scale. Celeste believes thateven if the business grows a customer database of a few thousand, it’s unlikely that a state agency wouldhassle an honest business if an accidental security incident were to occur.In any case, Celeste feels that all they need is common sense – like remembering to tear up sensitivedocuments before throwing them in the recycling bin. Felicia hopes that she’s right, and that all of herconcerns will be put to rest next month when their new business consultant (who is also a privacyprofessional) arrives from North Carolina.Based on Felicia’s Bring Your Own Device (BYOD) plan, the business consultant will most likely adviseFelicia and Celeste to do what?
Answer: D
-
-
Question 4
-
Which of the following best describes an employer’s privacy-related responsibilities to an employee who hasleft the workplace?
Answer: B
-
-
Question 5
-
If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as anagent, the organization must ensure the third party does all of the following EXCEPT?
Answer: D
-