CIPM Exam Dumps : Certified Information Privacy Manager (CIPM)

The marketing team needs a check box for their SMS opt-in because it is part of the consumer’s right to be informed. This right means that consumers have the right to know how their personal data is collected, used, shared, and protected by the organization. The check box allows consumers to give their consent and opt-in to receive SMS messages from the organization, and also informs them of the purpose and scope of such messages. The other rights are not relevant in this case, as they are related to other aspects of data processing, such as correction, complaints, and access. References: CIPM Body of Knowledge, Domain IV: Privacy Program Communication, Section A: Communicating to Stakeholders, Subsection 1: Consumer Rights.

“Respond” in the privacy operational lifecycle includes information requests and privacy rights requests, which are requests from individuals or authorities to access, correct, delete, or restrict the processing of personal data. The privacy program must have processes and procedures to handle such requests in a timely and compliant manner. The other options are not part of the “respond” phase, but rather belong to other phases such as “protect”, “aware”, or “align”. References: CIPM Body of Knowledge, Domain III: Privacy Program Operational Life Cycle, Section D: Respond.

The United States federal law that requires financial institutions to declare their personal data collection practices is the Gramm-Leach-Bliley Act (GLBA) of 1999. The GLBA is also known as the Financial Services Modernization Act or the Financial Modernization Act10 The GLBA regulates how financial institutions collect, use, disclose, and protect the nonpublic personal information of their customers11 The GLBA requires financial institutions to provide a privacy notice to their customers that explains what kinds of information they collect, how they use and share that information, and how they safeguard that information12 The GLBA also gives customers the right to opt out of certain information sharing practices with third parties13

The other options are not US federal laws that require financial institutions to declare their personal data collection practices. The Kennedy-Hatch Disclosure Act of 1997 is a proposed but not enacted legislation that would have required health insurers to disclose their policies and practices regarding the use and disclosure of genetic information14 SUPCLA, or the federal Superprivacy Act of 2001, is a fictional law that does not exist in reality. The Financial Portability and Accountability Act of 2006 is also a fictional law that does not exist in reality, although it may be confused with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which regulates the privacy and security of health information15 References: 10: Gramm-Leach-Bliley Act | Federal Trade Commission; 11: Financial Privacy | Federal Trade Commission; 12: Financial Privacy | Federal Trade Commission; 13: Financial Privacy | Federal Trade Commission; 14: S. 422 (105th): Genetic Information Nondiscrimination in Health Insurance Act of 1997; 15: Health Information Privacy | HHS.gov