Question 6 of 285
A key principle of an effective privacy policy is that it should be?
    Correct Answer: A

    A key principle of an effective privacy policy is that it should be written in enough detail to cover the majority of likely scenarios. This ensures that the policy provides clear guidance on how personal data will be handled in various situations, thereby helping to protect the privacy of individuals whose data is collected and processed. A detailed policy is also helpful in demonstrating compliance with legal and regulatory requirements.

Question 7 of 285
What was the first privacy framework to be developed?
    Correct Answer: C

    The correct answer is the Code of Fair Information Practice Principles (FIPPs). The FIPPs were first articulated in 1973 in the U.S. Department of Health, Education and Welfare's report titled 'Records, Computers and the Rights of Citizens.' This predates the OECD Privacy Principles, which were codified in 1980, making the FIPPs the first developed privacy framework.

Question 8 of 285
Which of the following became a foundation for privacy principles and practices of countries and organizations across the globe?
    Correct Answer: D

Question 9 of 285
SCENARIO -
Kyle is a new security compliance manager who will be responsible for coordinating and executing controls to ensure compliance with the company's information security policy and industry standards. Kyle is also new to the company, where collaboration is a core value. On his first day of new-hire orientation, Kyle's schedule included participating in meetings and observing work in the IT and compliance departments.
Kyle spent the morning in the IT department, where the CIO welcomed him and explained that her department was responsible for IT governance. The CIO and
Kyle engaged in a conversation about the importance of identifying meaningful IT governance metrics. Following their conversation, the CIO introduced Kyle to
Ted and Barney. Ted is implementing a plan to encrypt data at the transportation level of the organization's wireless network. Kyle would need to get up to speed on the project and suggest ways to monitor effectiveness once the implementation was complete. Barney explained that his short-term goals are to establish rules governing where data can be placed and to minimize the use of offline data storage.
Kyle spent the afternoon with Jill, a compliance specialist, and learned that she was exploring an initiative for a compliance program to follow self-regulatory privacy principles. Thanks to a recent internship, Kyle had some experience in this area and knew where Jill could find some support. Jill also shared results of the company's privacy risk assessment, noting that the secondary use of personal information was considered a high risk.
By the end of the day, Kyle was very excited about his new job and his new company. In fact, he learned about an open position for someone with strong qualifications and experience with access privileges, project standards board approval processes, and application-level obligations, and couldn't wait to recommend his friend Ben who would be perfect for the job.
Ted's implementation is most likely a response to what incident?
    Correct Answer: D

    Ted is implementing a plan to encrypt data at the transportation level of the organization's wireless network. This suggests that the organization is aiming to protect its data while it is being transmitted wirelessly. An incident where confidential information discussed during a strategic teleconference was intercepted by a competitor aligns best with this action, as such an incident would highlight the importance of securing wireless communications to prevent eavesdropping.

Question 10 of 285
SCENARIO -
Kyle is a new security compliance manager who will be responsible for coordinating and executing controls to ensure compliance with the company's information security policy and industry standards. Kyle is also new to the company, where collaboration is a core value. On his first day of new-hire orientation, Kyle's schedule included participating in meetings and observing work in the IT and compliance departments.
Kyle spent the morning in the IT department, where the CIO welcomed him and explained that her department was responsible for IT governance. The CIO and
Kyle engaged in a conversation about the importance of identifying meaningful IT governance metrics. Following their conversation, the CIO introduced Kyle to
Ted and Barney. Ted is implementing a plan to encrypt data at the transportation level of the organization's wireless network. Kyle would need to get up to speed on the project and suggest ways to monitor effectiveness once the implementation was complete. Barney explained that his short-term goals are to establish rules governing where data can be placed and to minimize the use of offline data storage.
Kyle spent the afternoon with Jill, a compliance specialist, and learned that she was exploring an initiative for a compliance program to follow self-regulatory privacy principles. Thanks to a recent internship, Kyle had some experience in this area and knew where Jill could find some support. Jill also shared results of the company's privacy risk assessment, noting that the secondary use of personal information was considered a high risk.
By the end of the day, Kyle was very excited about his new job and his new company. In fact, he learned about an open position for someone with strong qualifications and experience with access privileges, project standards board approval processes, and application-level obligations, and couldn't wait to recommend his friend Ben who would be perfect for the job.
Which of the following should Kyle recommend to Jill as the best source of support for her initiative?
    Correct Answer: C