Back to AI Flashcard MakerInformation Technology /Personally Identifiable Information Part 1
Personally Identifiable Information Part 1
This deck covers key concepts related to the management and protection of Personally Identifiable Information (PII), including legal responsibilities, privacy impact assessments, and safeguards.
Which action requires an organization to carry out a Privacy Impact Assessment? A. Storing paper-based records B. Collecting PII to store in a new information system C. Collecting any CUI. including but not limited to PII D. Collecting PII to store in a National Security System
B. Collecting PII to store in a new information system
Tap or swipe ↕ to flip
Swipe ←→Navigate
1/15
Key Terms
Term
Definition
Which action requires an organization to carry out a Privacy Impact Assessment?
A. Storing paper-based records
B. Collecting PII to store in a new information system
C. Collecting any CUI. including but not limited to PII
D. Collecting PII to store in a National Security System
B. Collecting PII to store in a new information system
Which of the following is an example of a physical safeguard that individuals can use to protect PII?
All of the above
What is the purpose of a Privacy Impact Assessment (PIA)?
A. Determine whether paper-based records are stored securely
B. Determine whether information must be disclosed according to the Freedom of Information Act (FOIA)
C. Determine whether the collection and maintenance of PII is worth the risk to individuals
D. Determine whether Protected Health Information (PHI) is held by a covered entity
C. Determine whether the collection and maintenance of PII is worth the risk to individuals
T or F? Information that can be combined with other information to link solely to an individual is considered PII.
True
What guidance identifies federal information security controls?
A. DoD 5400.11-R: DoD Privacy Program
B. The Freedom of Information Act (FOIA)
C. OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information
D. The Privacy Act of 1974
C. OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information
An organization that fails to protect PII can face consequences including:
A. Remediation costs
B. Loss of trust
C. Legal liability
D. All of the above
D. All of the above
Related Flashcard Decks
Study Tips
- Press F to enter focus mode for distraction-free studying
- Review cards regularly to improve retention
- Try to recall the answer before flipping the card
- Share this deck with friends to study together
| Term | Definition |
|---|---|
Which action requires an organization to carry out a Privacy Impact Assessment?
A. Storing paper-based records
B. Collecting PII to store in a new information system
C. Collecting any CUI. including but not limited to PII
D. Collecting PII to store in a National Security System | B. Collecting PII to store in a new information system |
Which of the following is an example of a physical safeguard that individuals can use to protect PII? | All of the above |
What is the purpose of a Privacy Impact Assessment (PIA)?
A. Determine whether paper-based records are stored securely
B. Determine whether information must be disclosed according to the Freedom of Information Act (FOIA)
C. Determine whether the collection and maintenance of PII is worth the risk to individuals
D. Determine whether Protected Health Information (PHI) is held by a covered entity | C. Determine whether the collection and maintenance of PII is worth the risk to individuals |
T or F? Information that can be combined with other information to link solely to an individual is considered PII. | True |
What guidance identifies federal information security controls?
A. DoD 5400.11-R: DoD Privacy Program
B. The Freedom of Information Act (FOIA)
C. OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information
D. The Privacy Act of 1974 | C. OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information |
An organization that fails to protect PII can face consequences including:
A. Remediation costs
B. Loss of trust
C. Legal liability
D. All of the above | D. All of the above |
If someone tampers with or steals an individual's PII, they could be exposed to which of the following?
A. Embarrassment
B. Fraud
C. Identity theft
D. All of the above | D. All of the above |
Which of the following is NOT a permitted disclosure of PII contained in a system of records?
a. The individual has requested that their record be disclosed.
b. The record is disclosed for routine use.
c. All permitted disclosures.
d. The record is disclosed for a new purpose that is not specified in the SORN. | d. The record is disclosed for a new purpose that is not specified in the SORN. |
Which of the following is not an example of PII?
A. Fingerprints
B. Driver's license number
C. Social Security number
D. Pet's nickname | D. Pet's nickname |
Which of the following must privacy impact assessments (PIAs) do? | All of the above |
What law establishes the federal government's legal responsibility for safeguarding PII?
A. OMB Memorandum M-12-12: Preparing for and Responding to a Breach of Personally Identifiable Information
B. DoD 5400.11-R: DoD Privacy Program
C. The Privacy Act of 1974
D. The Freedom of Information Act (FOIA) | C. The Privacy Act of 1974 |
ORGANIZATIONS THAT FAIL TO MAINTAIN ACCURATE, RELEVANT, TIMELY, AND COMPLETE INFORMATION MAY BE SUBJECT TO WHICH OF THE FOLLOWING? | CIVIL PENALTIES |
What law establishes the public's right to access federal government information?
A. OMB Memorandum M-12-12: Preparing for and Responding to a Breach of Personally Identifiable Information
B. DoD 5400.11-R: DoD Privacy Program
C. The Privacy Act of 1974
D. The Freedom of Information Act (FOIA) | D. The Freedom of Information Act (FOIA) |
An organization with existing system of records decides to start using PII for a new purpose outside the 'routine use' defined in the System of Records Notice (SORN). Is this a permitted use?
A. Yes
B. No | B. No |
True or false? A system of records Notice (SORN) is not required if an organization determines that PII will be stored using a system of records. | False |