IAPP CIPP/US Practice Exam

Category - Professional

Vendor management is not only a best practice for data protection and privacy. It is also required by U.S. federal laws, including:
  A. HIPAA state laws in Massachusetts, Illinois, and California
  B. Gramm-Leach-Bliley Act
  C. New York Department of Financial Services Cybersecurity Rules (NYCRR 500)
  D. All of the above
Explanation
Answer: D - U.S. federal laws, including the GLBA, HIPAA state laws (Massachusetts, Illinois, and California), and regulations set forth by municipalities, like the New York Department of Financial Services Cybersecurity Rules, require vendor management by organizations collecting data that is shared with third-party vendors for processing and other purposes.

The European Data Protection Regulation mandates that a data controller may only rely on data processing vendors who contractually guarantee the implementation of appropriate measures to ensure the privacy and security of sensitive data shared with them by the controller.