What's Your Privacy IQ? Test Your Legislative Knowledge

Maintaining the privacy and protection of customers' and employees' personal information is a risk management issue for all organizations. The increase in identity theft is also a concern for all organizations. Laws and regulations continue to place requirements on businesses for the protection of personal data. Myriad laws and regulations address privacy concerns and the collection, use, disclosure, and disposal of personally identifiable information. How much do you know about the multitude of privacy regulations that exist today? Take this quiz to find out.

1. Which was the first state to enact a data security breach law?

a. Mississippi.

b. California.

c. Massachusetts.

d. Kentucky.

2. Which of the following laws deals with the privacy of student education records?

a. FACTA.

b. HITECH.

c. FERPA.

d. COPPA.

3. The CAN-SPAM Act is a law that sets the rules for commercial email and establishes requirements for commercial messages. Which of the following is not a requirement of the CAN-SPAM Act?

a. Don't use false or misleading header information in emails.

b. Don't use deceptive subject lines in emails.

c. Honor opt-out requests within 90 days of receipt.

d. Tell recipients where you're located.

4. The Red Flags Rule requires financial institutions and creditors to implement a written program to prevent and respond to which of the following?

a. Network security breaches.

b. Identity theft.

c. Loan fraud.

d. All of the above.

5. Many companies collect personal information from their customers, including names, addresses, and phone numbers; bank and credit card account numbers; income and credit histories; and Social Security numbers. The Gramm-Leach-Bliley (GLB) Act requires companies defined under the law as "financial institutions" to ensure the security and confidentiality of this type of information. Which of the following items are parts of the GLB Act?

a. Safeguards rule.

b. Financial privacy rule.

c. Pretexting provisions.

d. All of the above.

6. What types of entities (considered as covered entities) must comply with the Health Insurance Portability and Accountability Act (HIPAA)?

a. Health insurers.

b. Health care providers.

c. Pharmacies.

d. Health care clearinghouses.

e. All of the above.

7. Which of the following is true about the Health Information Technology for Economic and Clinical Health Act (HITECH)?

a. Electronic health records are not covered.

b. If 500 or more health records are breached, the U.S. Department of Health and Human Services must be notified.

c. Only HIPAA-required entities are covered, not business associates.

d. Individuals are allowed to bring lawsuits against health care providers for data breaches.

e. All of the above.

8. The U.S. Department of Commerce, in consultation with the European Commission, developed a "safe harbor" framework to bridge the different privacy approaches of the European Union and the United States. To ensure compliance with the framework, an organization must have which of the following components in place?

a. Verification.

b. Dispute resolution.

c. Remedy.

d. All of the above.

9. What is the Personal Information Protection and Electronic Documents Act (PIPEDA)?

a. The Canadian law relating to data privacy.

b. The U.K. law relating to data privacy.

c. The Massachusetts privacy law, the toughest in the United States.

d. None of the above.

10. The Privacy Act of 1974 establishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals maintained in records systems by:

a. …