- Home
- IAPP
- Certified Information Privacy Professional/United States (CIPP/US)
- IAPP.CIPP-US.v2025-06-10.q88
- Question 78
Valid CIPP-US Dumps shared by ExamDiscuss.com for Helping Passing CIPP-US Exam! ExamDiscuss.com now offer the newest CIPP-US exam dumps, the ExamDiscuss.com CIPP-US exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CIPP-US dumps with Test Engine here:
Access CIPP-US Dumps Premium Version
(228 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 78/88
A California resident has created an account on your company's online food delivery platform and placed several orders in the past month Later she submits a data subject request to access her personal information under the California Privacy Rights Act.
Based on the CPRA. which of the following data elements would your company NOT have to provide to the requestor once her identity has been verified?
Based on the CPRA. which of the following data elements would your company NOT have to provide to the requestor once her identity has been verified?
Correct Answer: A
Under the California Privacy Rights Act (CPRA), which amends the California Consumer Privacy Act (CCPA), California residents have the right to request access to their personal information collected by a business. However, the CPRA provides an exception for inferences made about an individual for internal purposes, meaning businesses are not obligated to disclose inferences generated solely for internal use.
Key Points Under the CPRA:
* Access to Personal Information:
* Businesses must provide consumers with access to personal information they have collected, which includes data submitted by the consumer and other information directly associated with the consumer.
* Exception for Inferences:
* Inferences made about a consumer, particularly when used for internal purposes (e.g., improving services, analytics, or predicting preferences), are not explicitly required to be disclosed under the CPRA unless they are part of the consumer's profile or used for decision-making purposes that affect the consumer.
* Examples of Data to Be Provided:
* Information provided by the consumer (e.g., email address, account information).
* Automatically collected information (e.g., timestamps, purchase history).
* Identifiers (e.g., loyalty account numbers).
Explanation of Options:
* A. Inferences made about the individual for the company's internal purposes:This is correct.
Inferences generated for internal use are not considered part of the data set that must be disclosed in response to a CPRA data access request.
* B. The loyalty account number assigned through the individual's use of the services:Loyalty account numbers are directly associated with the consumer and must be provided in response to an access request under the CPRA.
* C. The time stamp for the creation of the individual's account in the platform's database:This information is part of the consumer's account data and must be disclosed under the CPRA.
* D. The email address submitted by the individual as part of the account registration process:This is personal information directly provided by the consumer and must be disclosed under the CPRA.
References from CIPP/US Materials:
* CPRA (Civil Code § 1798.140): Defines personal information and exceptions for internal use, including inferences.
* IAPP CIPP/US Certification Textbook: Discusses consumer rights under the CPRA, including access rights and the treatment of inferences.
Key Points Under the CPRA:
* Access to Personal Information:
* Businesses must provide consumers with access to personal information they have collected, which includes data submitted by the consumer and other information directly associated with the consumer.
* Exception for Inferences:
* Inferences made about a consumer, particularly when used for internal purposes (e.g., improving services, analytics, or predicting preferences), are not explicitly required to be disclosed under the CPRA unless they are part of the consumer's profile or used for decision-making purposes that affect the consumer.
* Examples of Data to Be Provided:
* Information provided by the consumer (e.g., email address, account information).
* Automatically collected information (e.g., timestamps, purchase history).
* Identifiers (e.g., loyalty account numbers).
Explanation of Options:
* A. Inferences made about the individual for the company's internal purposes:This is correct.
Inferences generated for internal use are not considered part of the data set that must be disclosed in response to a CPRA data access request.
* B. The loyalty account number assigned through the individual's use of the services:Loyalty account numbers are directly associated with the consumer and must be provided in response to an access request under the CPRA.
* C. The time stamp for the creation of the individual's account in the platform's database:This information is part of the consumer's account data and must be disclosed under the CPRA.
* D. The email address submitted by the individual as part of the account registration process:This is personal information directly provided by the consumer and must be disclosed under the CPRA.
References from CIPP/US Materials:
* CPRA (Civil Code § 1798.140): Defines personal information and exceptions for internal use, including inferences.
* IAPP CIPP/US Certification Textbook: Discusses consumer rights under the CPRA, including access rights and the treatment of inferences.
- Question List (88q)
- Question 1: SCENARIO Please use the following to answer the next QUESTIO...
- Question 2: SCENARIO Please use the following to answer the next QUESTIO...
- Question 3: Which of the following data elements is most likely to be su...
- Question 4: SCENARIO Please use the following to answer the next QUESTIO...
- Question 5: In March 2012, the FTC released a privacy report that outlin...
- Question 6: SCENARIO Please use the following to answer the next QUESTIO...
- Question 7: Chanel Hair Studio is a busy high-end hair salon. In an effo...
- Question 8: Which of the following state laws has an entity exemption fo...
- Question 9: Which of the following practices is NOT a key component of a...
- Question 10: Smith Memorial Healthcare (SMH) is a hospital network headqu...
- Question 11: SuperMart is a large Nevada-based business that has recently...
- Question 12: SCENARIO Please use the following to answer the next QUESTIO...
- Question 13: Which of the following best describes what a "private right ...
- Question 14: Which of the following federal agencies does NOT have regula...
- Question 15: Which of the following became the first state to pass a law ...
- Question 16: A large online bookseller decides to contract with a vendor ...
- Question 17: All of the following are tasks in the "Discover" phase of bu...
- Question 18: What is a legal document approved by a judge that formalizes...
- Question 19: SCENARIO Please use the following to answer the next questio...
- Question 20: Acme Student Loan Company has developed an artificial intell...
- Question 21: SCENARIO Please use the following to answer the next questio...
- Question 22: SCENARIO Please use the following to answer the next QUESTIO...
- Question 23: When may a financial institution share consumer information ...
- Question 24: The CFO of a pharmaceutical company is duped by a phishing e...
- Question 25: A law enforcement subpoenas the ACME telecommunications comp...
- Question 26: All of the following organizations are specified as covered ...
- Question 27: Which statement is FALSE regarding the provisions of the Emp...
- Question 28: SCENARIO Please use the following to answer the next QUESTIO...
- Question 29: The Cable Communications Policy Act of 1984 requires which a...
- Question 30: SCENARIO Please use the following to answer the next QUESTIO...
- Question 31: What important action should a health care provider take if ...
- Question 32: Which of the following best describes private-sector workpla...
- Question 33: More than half of U.S. states require telemarketers to?...
- Question 34: One of the most significant elements of Senate Bill No. 260 ...
- Question 35: What is the main challenge financial institutions face when ...
- Question 36: SCENARIO Please use the following to answer the next QUESTIO...
- Question 37: SCENARIO Please use the following to answer the next questio...
- Question 38: Which of the following is NOT a principle found in the APEC ...
- Question 39: If an organization maintains data classified as high sensiti...
- Question 40: How did the Fair and Accurate Credit Transactions Act (FACTA...
- Question 41: Which of the following best describes how federal anti-discr...
- Question 42: Which of the following privacy rights is NOT available under...
- Question 43: In what way does the "Red Flags Rule" under the Fair and Acc...
- Question 44: Which action is prohibited under the Electronic Communicatio...
- Question 45: SCENARIO Please use the following to answer the next QUESTIO...
- Question 46: SCENARIO - Please use the following to answer the next quest...
- Question 47: What type of material is exempt from an individual's right t...
- Question 48: What is the most likely reason that states have adopted thei...
- Question 49: SCENARIO Please use the following to answer the next QUESTIO...
- Question 50: Which of the following is NOT one of three broad categories ...
- Question 51: The rules for "e-discovery" mainly prevent which of the foll...
- Question 52: Mega Corp. is a U.S.-based business with employees in Califo...
- Question 53: SCENARIO Please use the following to answer the next QUESTIO...
- Question 54: The FTC often negotiates consent decrees with companies foun...
- Question 55: SCENARIO - Please use the following to answer the next quest...
- Question 56: Which of the following is an important implication of the Do...
- Question 57: Which of the following does Title VII of the Civil Rights Ac...
- Question 58: In what way is the Controlling the Assault of Non-Solicited ...
- Question 59: SCENARIO Please use the following to answer the next QUESTIO...
- Question 60: SCENARIO Please use the following to answer the next QUESTIO...
- Question 61: What is the purpose of a cure provision in a stale data priv...
- Question 62: Although an employer may have a strong incentive or legal ob...
- Question 63: SCENARIO Please use the following to answer the next QUESTIO...
- Question 64: SCENARIO Please use the following to answer the next QUESTIO...
- Question 65: U.S. federal laws protect individuals from employment discri...
- Question 66: A student has left high school and is attending a public pos...
- Question 67: Global Manufacturing Co's Human Resources department recentl...
- Question 68: What does the Massachusetts Personal Information Security Re...
- Question 69: Which venture would be subject to the requirements of Sectio...
- Question 70: Under the EU-US Data Privacy Framework, what must participat...
- Question 71: Which jurisdiction must courts have in order to hear a parti...
- Question 72: According to Section 5 of the FTC Act, self-regulation prima...
- Question 73: Under the Driver's Privacy Protection Act (DPPA), which of t...
- Question 74: Which of the following is NOT a common challenge large organ...
- Question 75: Which of the following most accurately describes the regulat...
- Question 76: Which of the following describes the most likely risk for a ...
- Question 77: What was the original purpose of the Federal Trade Commissio...
- Question 78: A California resident has created an account on your company...
- Question 79: Which of the following laws is NOT involved in the regulatio...
- Question 80: Due to cookie deprecation, businesses will be required to si...
- Question 81: Under the Fair and Accurate Credit Transactions Act (FACTA),...
- Question 82: A financial services company install "bossware" software on ...
- Question 83: What consumer service was the Fair Credit Reporting Act (FCR...
- Question 84: Which of the following statements is most accurate in regard...
- Question 85: SCENARIO Please use the following to answer the next QUESTIO...
- Question 86: Which federal law or regulation preempts state law?...
- Question 87: What consumer protection did the Fair and Accurate Credit Tr...
- Question 88: Which entities must comply with the Telemarketing Sales Rule...
