Certified Information Privacy Professional – United States (CIPP/US) — Question 164

Which of the following accurately describes the purpose of a particular federal enforcement agency?

Answer options

• A. The National Institute of Standards and Technology (NIST) has established mandatory privacy standards that can then be enforced against all for-profit organizations by the Department of Justice (DOJ).
• B. The Cybersecurity and Infrastructure Security Agency (CISA) is authorized to bring civil enforcement actions against organizations whose website or other online service fails to adequately secure personal information.
• C. The Federal Communications Commission (FCC) regulates privacy practices on the internet and enforces violations relating to websites’ posted privacy disclosures.
• D. The Federal Trade Commission (FTC) is typically recognized as having the broadest authority under the FTC Act to address unfair or deceptive privacy practices.

Correct answer: D

Explanation

The Federal Trade Commission (FTC) is indeed recognized for its extensive authority to regulate unfair or deceptive practices, including those related to privacy. The other options inaccurately describe the roles of their respective agencies; for instance, NIST does not enforce standards, CISA focuses on cybersecurity rather than general privacy enforcement, and the FCC's role is not primarily about privacy practices online.