Which of the following are obligations of the processor? Question 1 options:

-Data Security and Confidentiality

-Data Breach Reporting and Types of Data Collected

-Compliance and Data Subjects

-Legal Obligation and Data Security

Which fo the following is the practice of identifying and removing or blocking information from documents being produced pursuant to a discovery request or as evidence in a court proceeding? Question 2 options:

-Data Retention

-Redacting

-Assisting Law Enforcement

-Section 702

What or whom is the person whose data is being processed? Question 3 options:

-Health Data

-Data Subject

-Data Security

-Data Object

The data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing applies to which of the following? Question 4 options:

-Right to Rectify

-Right to Erasure

-Right to Restrict

-Right to Object

When did the GDPR come into effect? Question 5 options:

-2021

-2017

-2000

-2018

Which of these laws requires qualified health plans to provide continuous coverage after termination to certain beneficiaries? Question 6 options:

-The Consolidated Omnibus Budget Reconciliation Act (COBRA)

-The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

-The Employee Retirement Income Security Act (ERISA)

-The Family and Medical Leave Act (FMLA)

Which of the following is part of the CLOUD Act? Question 7 options:

-A provision in the Foreign Intelligence Surveillance Act Amendments Act of 2008.

-Provides that a federal court order can require the production of any tangible thing for defined foreign investigations.

-Establishes standards and procedures for electronic surveillance that collects foreign intelligence within the United States.

-Creates a new mechanism for other countries to access the content of communications held by U.S. service providers.

Which of the following is a mechanism that exists for lawful transfers of personal data from the EU to the United States? Question 8 options:

-Standard contractual clauses (SCCs).

-EU-U.S. Privacy Shield.

-Binding corporate rules (BCRs).

-Appropriate Safeguards.

What information is OSHA required by law to disclose? Question 9 options:

-Compilation and reporting of information about certain workplace injuries and illnesses.

-Serious adverse events, product problems or medication errors suspected to be associated with the use of regulated drug, biologic, device or dietary supplement.

-Protected health information.

-Routinely required to produce emails, documents and other company records containing substantial personal information.

Employers interested in monitoring the location of company vehicles may generally do so without legal hindrance, provided that the monitoring occurs for business purposes during work hours and employees have been informed beforehand. When is this type of monitoring not authorized? Question 10 options:

-Monitoring the Location of Employer Owned Equipment

-Monitoring an Employee's Social Media Accounts

-Monitoring to ensure that sensitive data is not accessed, misused, or lost by unauthorized users.

-Monitoring the Location of an Employee

Which of the following provides an extra layer of protection for members of the media and media organizations from government searches or seizures in the course of a criminal investigation? Question 11 options:

-Cybersecurity Information Sharing Act

-Communications Assistance to Law Enforcement Act

-Electronic Communications Privacy Act

-Privacy Protection Act

Personal data is permitted to flow freely to countries that have adopted legal protections that EU law deems what? Question 12 options:

-Appropriate

-Adequate

-Derogative

-Binding

When engaged in pretrial discovery in U.S. courts, parties can be caught between conflicting demands. On the one hand, they must comply with U.S. discovery rules that expressly recognize the importance of broad preservation, collection and production. On the other hand, parties may also face compliance obligations under foreign laws that place an emphasis of the protection of personal data and recognize privacy as a fundamental right. Which of the following best defines these statements? Question 13 options:

-General Data Protection Regulation.

-Data Protection Directive.

-Transborder Data Flows.

-Hague Convention on the Taking of Evidence.

When company ABC performs renovations because of a medical condition or disability, the company works with health insurance companies, Medicare/Medicaid, and medical doctors to plan appropriate modifications to the home and to obtain reimbursement from insurers. This sometimes requires ABC to receive, process, store, and transmit Protected Health Information (PHI) generated by medical practitioners or as provided by the customer. ABC received a request to share the collect PHI as part of a state-wide research project into smart homes? Why can ABC not release this information? Question 14 options:

-The Privacy Rule

-Freedom of Information Act (FOIA)

-Attorney-Client Privilege

-Electronic Communication Privacy Act

One of comapny ABC's employee handbook sections covers employee monitoring. An employee filed a complaint with the HR department stating he opposes this monitoring and chooses to opt out. What legal authority allows ABC to monitor employees using company owned resources? Question 15 options:

-The Wiretap Act

-Electronic Communications Privacy Act

-Stored Communications Act

-Communications Assistance to Law Enforcement Act

Company XYZ's current BYOD policy prevents personal devices from connecting directly to the companys VPN. The company is thinking of changing this policy. One concern is theft of trade secrets when an employee leaves XYZ and joins a competitor. In which of the following examples could XYZ demand access to an employee's personal device? Question 16 options:

-Employees may be required to provide access to their personal devices or personal accounts in response to electronic discovery demands in legal proceedings against the company.

-Employees may be required to provide access to their personal device or personal accounts if the device exposed the organization to security vulnerabilities and threats that they could otherwise protect against with work-issued devices.

-Employees may be required to provide access to their personal devices or personal accounts to prevent data loss (ensure that sensitive data is not accessed, misused, or lost by unauthorized users.)

-Employees may be required to provide access to their personal devices or personal accounts to monitor social media accounts.

Company XYZ wants to start using consumer reports obtained from consumer reporting agencies (CRAs) when the HR department performs reference checking and background checks of future and current employees. Permissible purposes for using consumer reports include employment purposes which in turn include (1) preemployment screening for the purpose of evaluating the candidate for employment and (2) determining if an existing employee qualities for promotion, reassignment or retention. Which of the following allows an employer to obtain a consumer report assuming the employer meets all standards? Question 17 options:

-The Electronic Communications Privacy Act (ECPA)

-The Fair Credit Reporting Act (FCRA)

-The National Labor Relations Act (NLRA)

-The Fair Labor Standards Act (FLSA)