Identifying And Safeguarding Personally Identifiable Information (PII) Exam Questions and Answers 2023

Question: What law establishes the federal government's legal responsibility for safeguarding PII?
Answer: The Privacy Act of 1974

Question: Which of the following is NOT a permitted disclosure of PII contained in a system of records?
Answer: The record is disclosed with a new purpose that is not encompassed by the SORN

Question: If someone tampers with or steals an individual's PII, they could be exposed to which of the following?
Answer: All of the above

Question: True or false? A System of Records Notice (SORN) is not required if an organization determines that PII will be stored using a system of records.
Answer: False

Question: Which of the following is NOT an example of PII?
Answer: Pet's nickname

Question: Which of the following is NOT included in a breach notification?
Answer: Articles and other media reporting the breach.

Question: True or False? Paper-based PII is involved in data breaches more often than electronic PII documentation.
Answer: False

Question: Which of the following is NOT an example of an administrative safeguard that organizations use to protect PII?
Answer: List all potential future uses of PII in the System of Records Notice (SORN)

Question: Organizations that fail to maintain accurate, relevant, timely, and complete information may be subject to which of the following?
Answer: Civil Penalties

Question: You are reviewing personnel records containing PII when you notice a record with missing information. You contact the individual to update the personnel record. Is this compliant with PII safeguarding procedures?
Answer: No

Question: Your organization has a new requirement for annual security training. To track training completion, they are using employee Social Security Numbers as record identification. Is this compliant with PII safeguarding procedures?
Answer: Non-compliant

Question: Your coworker was teleworking when the agency e-mail system shut down. She had an urgent deadline, so she sent you an encrypted set of records containing PII from her personal e-mail account. Is this compliant with PII safeguarding procedures?
Answer: Non-compliant

Question: You are reviewing personnel records containing PII when you notice a record with missing information. You contact the individual to update the personnel record.
Answer: Compliant

Question: You are tasked with disposing of physical copies of last year's grant application forms. These documents contain PII, so you use a cross-cut shredder to render them unrecognizable and beyond reconstruction. Is this compliant with PII safeguarding procedures?
Answer: Compliant

Question: Phishing is responsible for most of the recent PII breaches. True or false?
Answer: True

Question: If you discover PII on the web, immediately close your browser and delete all information regarding the URL. True or false?
Answer: False

Question: Following a breach, organizations must issue a breach notification. True or false?
Answer: True

Question: Organizations can incur civil penalties for failing to uphold their PII responsibilities. True or false?
Answer: True

Question: Individuals are immune to criminal penalties, even if they fail to uphold their PII responsibilities. True or false?
Answer: False

Identifying and Safeguarding PII v4.0 Answers

Question: Which of the following must Privacy Impact Assessments (PIAs) do?
Options:
- Analyze how an organization handles information to ensure it satisfies requirements
- Mitigate privacy risks
- Determine the risks of collecting, using, maintaining, and disseminating PII on electronic information systems
- All of the above
Answer: All of the Above

Question: True or False? An individual whose PII has been stolen is susceptible to identity theft, fraud, and other damage.
Options: True or False
Answer: True

Question: What / Which guidance identifies federal information security controls?
Options:
- The Freedom of Information Act (FOIA)
- The Privacy Act of 1974
- OMB Memorandum M-17-12: Preparing for and responding to a breach of PII
- DOD 5400.11-R: DOD Privacy Program
Answer: OMB Memorandum M-17-12

Question: Which of the following is NOT an example of PII?
Options:
- Driver's License Number
- Pet's nickname
- Social Security Number
- Fingerprints
Answer: Pet's nickname

Question: Which of the following is NOT a permitted disclosure of PII contained in a system of records?
Options:
- These are all permitted disclosures
- The record is disclosed for a new purpose that is not specified in the SORN
- The record is disclosed for routine use
- The individual has requested that their record be disclosed
Answer: The record is disclosed for a new purpose that is not specified in the SORN

Question: A PIA is required when an organization collects PII from:
Options:
- Existing information systems and electronic collections for which no PIA was previously completed
- New information systems or electronic collections (before development or purchase and/or converting paper records to electronic systems)
Answer:
- Existing information systems and electronic collections for which no PIA was previously completed
- New information systems or electronic collections (before development or purchase and/or converting paper records to electronic systems)