U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

IAPP CIPP/US Exam - Topic 4 Question 92 Discussion

Which of the following accurately describes the purpose of a particular federal enforcement agency?
D) The Federal Trade Commission (FTC) is typically recognized as having the broadest authority under the FTC Act to address unfair or deceptive privacy practices.
A) The National Institute of Standards and Technology (NIST) has established mandatory privacy standards that can then be enforced against all for-profit organizations by the Department of Justice (DOJ).
B) The Cybersecurity and Infrastructure Security Agency (CISA) is authorized to bring civil enforcement actions against organizations whose website or other online service fails to adequately secure personal information.
C) The Federal Communications Commission (FCC) regulates privacy practices on the internet and enforces violations relating to websites' posted privacy disclosures.

IAPP CIPP/US Exam - Topic 4 Question 92 Discussion

Actual exam question for IAPP's CIPP/US exam
Question #: 92
Topic #: 4
[All CIPP/US Questions]

Which of the following accurately describes the purpose of a particular federal enforcement agency?

Show Suggested Answer Hide Answer
Suggested Answer: D

The FTC is the primary federal agency responsible for enforcing privacy and data security laws in the United States. The FTC has broad jurisdiction over most commercial entities that collect, use, or share personal information from consumers. The FTC Act prohibits unfair or deceptive acts or practices in or affecting commerce, which includes unfair or deceptive privacy practices. The FTC can bring enforcement actions against companies that violate their own privacy policies, fail to provide adequate notice or choice to consumers, engage in unfair or harmful data practices, or breach consumers' reasonable expectations of privacy. The FTC can also issue rules, guidelines, and reports on privacy and data security issues, as well as conduct investigations, workshops, and educational campaigns.Reference:

IAPP CIPP/US Body of Knowledge, Section I.A.1.a

IAPP CIPP/US Textbook, Chapter 1, pp. 9-12

FTC Privacy and Security Enforcement


by Lauran at Apr 09, 2026, 01:05 AM

Limited Time Offer

25%

Off

Get Premium CIPP/US Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Ruthann
1 month ago
Totally agree, it's the FTC that has the broadest authority!
upvoted 0 times
...
Wayne
2 months ago
NIST doesn't enforce privacy standards, that's a myth.
upvoted 0 times
...
Odette
2 months ago
I vaguely recall something about CISA, but I’m not confident it has civil enforcement powers like B suggests.
upvoted 0 times
...
Destiny
2 months ago
I practiced a similar question where the FTC was mentioned as having broad authority, so I’m leaning towards D as well.
upvoted 0 times
...
Eladia
2 months ago
I'm not entirely sure, but I feel like C could be misleading since the FCC mainly deals with communications rather than privacy.
upvoted 0 times
...
Lorrine
2 months ago
I remember studying about the FTC and its role in privacy enforcement, so I think D might be the right answer.
upvoted 0 times
...

Save Cancel