100% Free IAPP CIPM Practice Test Questions

Question 1

SCENARIO

Please use the following to answer the next question:

Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia

to help run his aging grandfather's law practice. The elder McAdams desired a limited, lighter role in the

practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring

Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who

handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and

assesses the office's strategies for growth.

Immediately upon arrival, Richard was amazed at the amount of work that needed to done in order to

modernize the office, mostly in regard to the handling of clients' personal data. His first goal is to digitize all the

records kept in file cabinets, as many of the documents contain personally identifiable financial and medical

data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the

day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues

unless a formal policy is firmly in place Richard is also concerned with the overuse of the communal copier/

printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the

same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that

personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing

policy by the year's end.

Richard expressed his concerns to his grandfather, who agreed, that updating data storage, data security, and

an overall approach to increasing the protection of personal data in all facets is necessary Mr. McAdams

granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but

also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following

day, to get insight into how the office computer system is currently set-up and managed.

Which of the following policy statements needs additional instructions in order to further protect the personal

data of their clients?

A : All faxes sent from the office must be documented and the phone number used must be double checked to ensure a safe arrival

B : All unused copies, prints, and faxes must be discarded in a designated recycling bin located near the work station and emptied daily.

C : Before any copiers, printers, or fax machines are replaced or resold, the hard drives of these devices must be deleted before leaving the office

D : When sending a print job containing personal data, the user must not leave the information visible on the computer screen following the print command and must retrieve the printed document immediately

Answer: D

Question 2

Which term describes a piece of personal data that alone may not identify an individual?

A : Unbundled data

B : A singularity

C : Non-aggregated infopoint

D : A single attribute

Answer: A

Question 3

When implementing an organization's privacy program, what right should be granted to the data subject?

A : To have their data amended or erased if errors are found.

B : To limit or refuse the disclosure of their data for any reason.

C : To provide feedback regarding an organization's privacy policy.

D : To verify that an organization uses the highest level of privacy protection available.

Answer: A

Question 4

The most direct way to ensure you are effectively communicating your privacy mission throughout your organization is to?

A : Ensure marketing activity is adequately resourced.

B : Evaluate the content in your privacy awareness program.

C : Survey buy-in from your team and stakeholders on a privacy strategy.

D : Review the quantity of Data Protection Impact Assessments (DPIAs) to ensure completeness for every project.

Answer: B,C

Question 5

What is a key feature of the privacy metric template adapted from the National Institute of Standards and Technology (NIST)?

A : It provides suggestions about how to collect and measure data.

B : It can be tailored to an organization's particular needs

C : It is updated annually to reflect changes in government policy

D : It is focused on organizations that do business internationally

Answer: A

Free Practice IAPP CIPM Exam Questions 2025