IAPP CIPP/US Practice Exam

Category - Professional

All but which of the following must an organization legally comply with regarding the privacy and security of personal, protected information?
  A. Privacy promises and notices
  B. Contractual commitments
  C. Global privacy standards, when the organization operates only in the US, serves only customers who are US citizens, and controls and processes the data only in the US
  D. Industry standards (such as PCI DSS)
Explanation
Answer: C - An organization must comply with its own privacy promises and notices (misrepresenting them is treated as a deceptive practice by the FTC), with its contractual commitments, and with industry standards such as PCI DSS, which bind the organization through its contracts with card brands and acquiring banks rather than by statute.
 
An organization that operates only in the US, serves only US citizens, and controls and processes its data only in the US does not necessarily have a legal obligation to comply with global privacy standards. Foreign regimes such as GDPR reach a US organization only when it offers goods or services to, or monitors the behavior of, individuals in the EU. In practice, however, many organizations adopt the stricter standard because they serve or reach contacts with foreign citizenship, and because data is often transferred to processors in other countries.

With evolving privacy standards and regulations, US organizations are working to gain more insight into and establish transparency about their use of data, while adopting privacy standards aligned with stricter regulations such as GDPR.