Cybersecurity Worksheet – Consumers have a right to exercise control
Central Washington University Cybersecurity Worksheet
Question 1
Consumers have a right to exercise control over what personal data companies collect from them and how they use it. This defines which right from the Consumer Privacy Bill of Rights?
Respect for Context
Access and Accuracy
Individual Control
Accountability
Question 2
The Equal Employment Opportunity Commission, for the Americans with Disabilities Act, oversees which type of privacy?
Medical Privacy
Financial Privacy
Workplace Privacy
Telemarketing and Marketing Privacy
Question 3
Each state has a law roughly similar to Section 5 of the FTC Act. These laws are commonly known as what?
CAN-SPAM Act
Deceptive Trade Practices
Unfair and Deceptive Acts and Practices (UDAP)
Transparency
Question 4
In what type of Federal Trade Commission (FTC) enforcement does the respondent not admit fault, but promises to change its practices and avoids further litigation on the issue?
Magnuson-Moss Authority
Deceptive Trade Practices
Consent Decrees
Unfair Trade Practices
Question 5
Which type of law does the following statement refer to: “Legal principles that have developed over time in judicial decisions, often drawing on social customs and expectations”?
Tort Law
Contract Law
Common Law
Case Law
Question 6
Which agency has general authority to enforce against unfair and deceptive trade practices, notably including the power to bring deception enforcement actions where a company has broken a privacy promise?
DOT
FTC
FCC
HHS
Question 7
Which branch of government's duties include enforcing and administering the law?
Judicial Branch
Executive Branch
Congressional Branch
Legislative Branch
Question 8
Which of the following best describes a consent decree?
Both the federal Congress and the state legislatures have enacted a variety of privacy and security laws. These regulate many different matters, including certain applications of information (such as use of information for marketing or preemployment screening), certain industries (such as financial institutions or healthcare providers), certain data elements (such as Social Security numbers or driver’s license information) or specific harms (such as identity theft or children’s online privacy).
Civil wrongs are recognized by law as the grounds for lawsuits. These wrongs result in an injury or harm that constitutes the basis for a claim by the injured party. Primary goals of are to provide relief for damages incurred and deter others from committing the same wrongs.
A judgment entered by agreement of the parties whereby the defendant agrees to stop alleged illegal activity, typically without admitting guilt or wrongdoing. In the privacy enforcement sphere, for example, the FTC has entered into numerous agreements with companies as a result of alleged violations of privacy laws, such as the Children’s Online Privacy Protection Act (COPPA).
Some laws require regulatory agencies such as the Federal Trade Commission or the Federal Communications Commission to issue regulations and rules. These place specific compliance expectations on the marketplace.
Question 9
Markets, Technology, Law, and Self-/Co-Regulation are examples of what?
Sources of Personal Information
Processing of Personal Information
Models of Data Protection
Sources of Privacy Protection
Question 10
Financial data, Operational data, and Intellectual property are examples of what?
Information Assets of an Organization
Data Subject
Publicly Available Information
Public records
Question 11
Which of the following best describes processing personal information?
Controls the use of personal information by determining the purposes for its use and the manner in which the information will be processed.
Typically occurs through the privacy policy of a company or other entity, or by an industry association.
Non-public information that is not generally available or easily accessed due to law or custom. Examples include medical records, financial information and adoption records.
The collection, recording, organization, storage, updating or modification, retrieval, consultation and use of personal information.
Question 12
Public Records, Publicly Available Information, and Non-Public Information are examples of what?
Models of Data Protection
Sources of Privacy Protection
Sources of Personal Information
Processing of Personal Information
Question 13
Fair Information Practices (FIPs) are principles for handling, storing, and managing data with privacy, security, and fairness in an information society that is rapidly evolving. These principles can be conceived in four categories. To which FIP principle does the following statement belong? “Notice: Organizations should provide notice about their privacy policies and procedures, and should identify the purpose for which personal information is collected, used, retained, and disclosed.”
Controls on the Information
Rights of Individuals
Management
Information Lifecycle
Question 14
The Organisation for Economic Co-operation and Development (OECD) Guidelines, updated in 2013, are perhaps the most widely recognized framework for FIPs and have been endorsed by the U.S. Federal Trade Commission (FTC) and many other government organizations. Which of the following best defines the Use Limitation Principle?
Personal data should not be disclosed, made available or otherwise used for purposes other than those specified.
The purposes for which personal data are collected should be specified not later than at the time of data collection.
Personal data should be relevant to the purposes for which they are to be used.
Personal data should be protected by reasonable security.
Question 15
Which type of privacy is concerned with placing limits on the ability to intrude into another individual’s environment?
Communications privacy
Territorial privacy
Information privacy
Bodily privacy
Question 16
In which type of tort law does the subject often use the defense that the speaker is exercising free speech rights under the First Amendment?
Liability Torts
Privacy Torts
Negligent Torts
Intentional Torts
Question 17
Even in the absence of statutes protecting confidentiality, common law has long upheld which of the following in relation to privacy?
Doctor-Patient Confidentiality
Congressional Confidentialities
Journalists Naming Sources
Religious Confidentialities
Question 18
Which of the following is the ability to specify whether personal information will be collected and/or how it will be used or disclosed?
Acceptance
Access
Notice
Choice
Question 19
Smart-TVs, Drones, and Ransomware are examples of what?
New technologies that have varied state laws to follow.
New technologies that have varied self-regulating requirements.
New technologies that have cross-border enforcement issues.
New technologies that raise important consumer protection issues.
Question 20
As the volume of cross-border data transfers increases, privacy enforcement increasingly involves companies and government agencies in more than one jurisdiction. Which of the following is not a key issue of cross-border enforcement?
Self-Regulation and Enforcement
Cross-Border Enforcement
Cooperation Between Enforcement Agencies
Conflicts Between Privacy and Disclosure Laws
Question 21
FTC categorizes the Privacy Bill of Rights into three themes. Which theme is described here: “Privacy notices should be clearer, shorter and more standardized to enable better comprehension and comparison of privacy practices.”
Transparency
Privacy by Design
Simplified Consumer Choice
Brokering Data
Question 22
Which of the following was emphasized in both the White House consumer bill of rights and the 2012 FTC report?
Transparency
Individual Control
Accountability
Security
Question 23
Red Clay is licensed to do business as a general contractor for residential buildings in three states (DE, MD, PA). The company’s architects maintain professional licensure in their state of residence. The company’s general counsel is licensed to practice law in Delaware and Maryland. The Chief Financial Officer is a Certified Public Accountant (CPA) and licensed to practice in all three states. In terms of privacy law, which of the following best defines jurisdiction?
Specific authority is targeted at singular activities that are outlined by legislation.
A superior government’s ability to have its laws supersede those of an inferior government.
The authority of a court to hear a particular case.
A superior government’s ability to have its laws supersede those of an inferior government.
Question 24
Red Clay respects their customers’ right to privacy. Their websites and other public-facing content inform individuals about what information is collected, how the information is used and disclosed, how to exercise any choices about uses or disclosures, and whether the individual can access or update the information. This action supports two purposes of US Privacy Laws: (1) consumer education and (2) corporate accountability. What are these external communications referred to as?
Choice
Jurisdiction
Access
Notices
Question 25
Red Clay chooses to promote consumer privacy throughout its organizations and at every stage in the development of its products and services. Red Clay also chooses to incorporate substantive privacy protections into their practices, such as data security, reasonable collection limits, sound retention and disposal practices, and data accuracy. These actions describe which of the FTC privacy enforcement areas?
Transparency
Privacy by design
Do Not Track
Simplified consumer choice
Question 26
The Consumer Privacy Bill of Rights is based on traditional fair information practices. The bill of rights states that these rights should apply to commercial uses of personal data. As such, Red Clay must collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data. Which right is this?
Transparency
Focused collection
Individual control
Respect for context
Question 27
When examining data protection and privacy laws and practices, it can be helpful to focus on four categories or classes of privacy. Which two of the four categories of privacy apply to Red Clay?
Territorial privacy and Bodily Privacy
Information privacy and Communications privacy
Information privacy and Bodily Privacy
Communications privacy and Bodily Privacy
Question 28
Red Clay strives to ensure they comply with all privacy laws, regulations, standards, guidelines, etc. Fair Information Practices (FIPs) are guidelines for handling, storing, and managing data with privacy, security, and fairness in an information society that is rapidly evolving. Notice, Choice and Consent, and Data Subject Access are associated with which of the following FIPs principles?
Controls on the Information
Rights of Individuals
Management
Information Lifecycle
