Free IAPP CIPP-US Exam Actual Questions

The questions for CIPP-US were last updated On Jun 13, 2025

At ValidExamDumps, we consistently monitor updates to the IAPP CIPP-US exam questions by IAPP. Whenever our team identifies changes in the exam questions,exam objectives, exam focus areas or in exam requirements, We immediately update our exam questions for both PDF and online practice exams. This commitment ensures our customers always have access to the most current and accurate questions. By preparing with these actual questions, our customers can successfully pass the IAPP Certified Information Privacy Professional/United States exam on their first attempt without needing additional materials or study guides.

Other certification materials providers often include outdated or removed questions by IAPP in their IAPP CIPP-US exam. These outdated questions lead to customers failing their IAPP Certified Information Privacy Professional/United States exam. In contrast, we ensure our questions bank includes only precise and up-to-date questions, guaranteeing their presence in your actual exam. Our main priority is your success in the IAPP CIPP-US exam, not profiting from selling obsolete exam questions in PDF or Online Practice Test.

 

Get All 195 Questions
Question No. 1

What was the original purpose of the Foreign Intelligence Surveillance Act?

Show Answer Hide Answer
Correct Answer: C

The Foreign Intelligence Surveillance Act (FISA) was enacted in 1978 in response to revelations of widespread privacy violations by the federal government under President Nixon.It established procedures for requesting judicial authorization for electronic surveillance and physical search of persons engaged in espionage or international terrorism against the United States on behalf of a foreign power1The original purpose of FISA was to further define a framework for authorizing wiretaps by the executive branch for national security purposes under Article II of the Constitution, which grants the president the power to conduct foreign affairs and defend the nation23FISA was intended to balance the need for collecting foreign intelligence information with the protection of privacy and civil liberties of U.S.persons4Reference: https://www.intelligence.gov/foreign-intelligence-surveillance-act

https://www.intelligence.gov/foreign-intelligence-surveillance-act/1234-categories-of-fisa


Question No. 2

Federal laws establish which of the following requirements for collecting personal information of minors under the age of 13?

Show Answer Hide Answer
Correct Answer: B

The Children's Online Privacy Protection Act (COPPA) is a federal law that regulates the online collection and use of personal information from children under 13 years of age. COPPA requires operators of websites or online services that are directed to children, or that knowingly collect personal information from children, to obtain verifiable parental consent before collecting, using, or disclosing such information. Verifiable parental consent means any reasonable effort (taking into consideration available technology) to ensure that before personal information is collected from a child, the child's parent receives notice of the operator's information practices and consents to those practices. COPPA also imposes other obligations on operators, such as providing parents with access to their children's information, maintaining reasonable security measures, and limiting data retention.Reference:COPPA,IAPP CIPP/US Study Guide, Chapter 2, Section 2.3.1


Question No. 3

Which federal law or regulation preempts state law?

Show Answer Hide Answer
Correct Answer: A

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a federal law that regulates the privacy and security of health information in the United States.HIPAA preempts state laws that are contrary to its provisions, unless the state laws provide more stringent protections for health information12HIPAA establishes a floor of federal standards for health information privacy and security, but allows states to enact laws that are more protective of individuals' rights34For example, some states may require more specific consent from individuals before disclosing their health information, or impose stricter penalties for violations of health information privacy and security.HIPAA also provides exceptions for certain state laws that serve a compelling public interest, such as public health, safety, or welfare. Reference: https://www.findlaw.com/litigation/legal-system/the-supremacy-clause-and-the-doctrine-of-preemption.html

https://www.bonalaw.com/insights/legal-resources/when-does-federal-law-preempt-state-law


Question No. 4

Which of the following practices is NOT a key component of a data ethics framework?

Show Answer Hide Answer
Correct Answer: A

A data ethics framework is a set of principles and guidelines that help organizations ensure that their data practices are ethical, responsible, and trustworthy.According to the IAPP CIPP/US Study Guide, some of the key components of a data ethics framework are1:

Data governance: the policies, processes, and standards that govern how data is collected, used, stored, and shared within an organization.

Preferability testing: the process of assessing the potential impacts and risks of data-driven solutions on stakeholders, such as customers, employees, and society.

Auditing: the process of monitoring, reviewing, and verifying the compliance and performance of data practices against the established ethical standards and legal requirements. Automated decision-making, on the other hand, is not a key component of a data ethics framework, but rather a data practice that may raise ethical issues and challenges.Automated decision-making refers to the use of algorithms, artificial intelligence, or machine learning to make decisions or recommendations without human intervention2.While automated decision-making can offer benefits such as efficiency, accuracy, and consistency, it can also pose risks such as bias, discrimination, lack of transparency, and accountability3. Therefore, automated decision-making should be subject to ethical evaluation and oversight, but it is not itself a part of a data ethics framework.Reference:

[IAPP CIPP/US Study Guide], Chapter 10, Section 10.4, page 287

[IAPP Glossary], Automated Decision-Making

IAPP Resources, Ethical Data Use and Automated Decision-Making: A Practical Guide


Question No. 5

What information did the Red Flag Program Clarification Act of 2010 add to the original Red Flags rule?

Show Answer Hide Answer
Correct Answer: B

The Red Flag Program Clarification Act of 2010 amended the original Red Flags rule, which required certain financial institutions and creditors to develop and implement a written identity theft prevention program.The Clarification Act narrowed the definition of creditor to include only those who regularly and in the ordinary course of business advance funds to or on behalf of a person, based on an obligation of the person to repay the funds or repayable from specific property pledged by or on behalf of the person12.This excludes creditors who advance funds for expenses incidental to a service provided by the creditor to that person3.Reference:

CIPP/US Practice Questions (Sample Questions), Question 133, Answer B, Explanation B.

IAPP CIPP/US Certified Information Privacy Professional Study Guide, Chapter 4, Section 4.3, p. 108-109.

Red Flag Program Clarification Act of 2010, Section 2, Subsection (b).


Get All 195 Questions Explore Other IAPP Exams