Exam Code: CIPM
Exam Questions: 278
Certified Information Privacy Manager
Updated: 24 May, 2026
Viewing Page : 1 - 28
Practicing : 1 - 5 of 278 Questions
Question 1

An organization's internal audit team should do all of the following EXCEPT?

Options :
Answer: A

Question 2

SCENARIO -

Please use the following to answer the next question:

Today is your first day at a fast-growing international real estate firm headquartered in New York, with offices in Canada and Germany. You are the firm's first-ever privacy officer.

While touring the office to meet your new colleagues and learn the layout of the office, you notice piles of printing jobs left on the printer in the copy room. You also note a recycle bin and garbage can near the printers. With a quick glance, you see a completed loan application form printout with applicant name, social security number and home address lying in the recycle bin. You make a note to follow up immediately.

You are then introduced to the head of IT who gives you a warm welcome and explains his star project this year - enterprise CRM (Customer Relationship Management) mobility. He is very proud that he is leading this innovation that allows firm-wide employees to access the existing CRM database remotely from anywhere on the Internet. The business value of this mobility initiative is significant. Since he doesn't have internal web development expertise, he outsourced the development work to a small IT firm in New York that has just successfully delivered another IT initiative for the company.

After the tour you start working on a plan based on your observations. One immediate action is to schedule a meeting with the head of IT to discuss the CRM mobility project.

While reviewing the contract with the firm the CRM mobility project was outsourced to, all of the following should be mandatory EXCEPT?

Options :
Answer: D

Question 3

SCENARIO
Please use the following to answer the next question:
Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner, Anton, has
found some degree of disorganization after touring the company headquarters. His uncle Henry had always
focused on production – not data processing – and Anton is concerned. In several storage rooms, he has found
paper files, disks, and old computers that appear to contain the personal data of current and former employees
and customers. Anton knows that a single break-in could irrevocably damage the company's relationship with
its loyal customers. He intends to set a goal of guaranteed zero loss of personal information.
To this end, Anton originally planned to place restrictions on who was admitted to the physical premises of the
company. However, Kenneth – his uncle's vice president and longtime confidante – wants to hold off on Anton's
idea in favor of converting any paper records held at the company to electronic storage. Kenneth believes this
process would only take one or two years. Anton likes this idea; he envisions a password-protected system that
only he and Kenneth can access.
Anton also plans to divest the company of most of its subsidiaries. Not only will this make his job easier, but it
will simplify the management of the stored data. The heads of subsidiaries like the art gallery and kitchenware
store down the street will be responsible for their own information management. Then, any unneeded subsidiary
data still in Anton's possession can be destroyed within the next few years.
After learning of a recent security incident, Anton realizes that another crucial step will be notifying customers.
Kenneth insists that the two lost hard drives in question are not cause for concern; all of the data was encrypted
and not sensitive in nature. Anton does not want to take any chances, however. He intends on sending notice
letters to all employees and customers to be safe.
Anton must also check for compliance with all legislative, regulatory, and market requirements related to
privacy protection. Kenneth oversaw the development of the company's online presence about ten years ago,
but Anton is not confident about his understanding of recent online marketing laws. Anton is assigning another
trusted employee with a law background the task of the compliance assessment. After a thorough analysis,
Anton knows the company should be safe for another five years, at which time he can order another check.
Documentation of this analysis will show auditors due diligence.
Anton has started down a long road toward improved management of the company, but he knows the effort is
worth it. Anton wants his uncle's legacy to continue for many years to come.
Which important principle of Data Lifecycle Management (DLM) will most likely be compromised if Anton
executes his plan to limit data access to himself and Kenneth?

Options :
Answer: B

Question 4

SCENARIO
Please use the following to answer the next question:
Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia
to help run his aging grandfather's law practice. The elder McAdams desired a limited, lighter role in the
practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring
Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who
handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and
assesses the office's strategies for growth.
Immediately upon arrival, Richard was amazed at the amount of work that needed to be done in order to
modernize the office, mostly in regard to the handling of clients' personal data. His first goal is to digitize all the
records kept in file cabinets, as many of the documents contain personally identifiable financial and medical
data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the
day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues
unless a formal policy is firmly in place. Richard is also concerned with the overuse of the communal copier/printer
located in plain view of clients who frequent the building. Yet another area of concern is the use of the
same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that
personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing
policy by the year's end.
Richard expressed his concerns to his grandfather, who agreed that updating data storage, data security, and
an overall approach to increasing the protection of personal data in all facets is necessary. Mr. McAdams
granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but
also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following
day, to get insight into how the office computer system is currently set up and managed.
Which of the following policy statements needs additional instructions in order to further protect the personal
data of their clients? 

Options :
Answer: B

Question 5

SCENARIO
Please use the following to answer the next question:
It's just what you were afraid of. Without consulting you, the information technology director at your organization
launched a new initiative to encourage employees to use personal devices for conducting business. The
initiative made purchasing a new, high-specification laptop computer an attractive option, with discounted
laptops paid for as a payroll deduction spread over a year of paychecks. The organization is also paying the
sales taxes. It's a great deal, and after a month, more than half the organization's employees have signed on
and acquired new laptops. Walking through the facility, you see them happily customizing and comparing notes
on their new computers, and at the end of the day, most take their laptops with them, potentially carrying
personal data to their homes or other unknown locations. It's enough to give you data-protection nightmares,
and you've pointed out to the information technology director and many others in the organization the potential
hazards of this new practice, including the inevitability of eventual data loss or theft.
Today you have in your office a representative of the organization's marketing department who shares with you,
reluctantly, a story with potentially serious consequences. The night before, straight from work, with laptop in
hand, he went to the Bull and Horn Pub to play billiards with his friends. A fine night of sport and socializing
began, with the laptop "safely" tucked on a bench, beneath his jacket. Later that night, when it was time to
depart, he retrieved the jacket, but the laptop was gone. It was not beneath the bench or on another bench
nearby. The waitstaff had not seen it. His friends were not playing a joke on him. After a sleepless night, he
confirmed it this morning, stopping by the pub to talk to the cleanup crew. They had not found it. The laptop was
missing. Stolen, it seems. He looks at you, embarrassed and upset.
You ask him if the laptop contains any personal data from clients, and, sadly, he nods his head, yes. He
believes it contains files on about 100 clients, including names, addresses and governmental identification
numbers. He sighs and places his head in his hands in despair.
What should you do first to ascertain additional information about the loss of data? 

Options :
Answer: A
