CPA Exam Lab
Section 2: 35–45% | I9

Confidentiality and Privacy

Exam Insight

The exam draws a sharp line between confidentiality (protecting sensitive business data) and privacy (protecting personal data of individuals), and expects you to apply data classification, privacy principles, and de-identification techniques. Knowing which regulation and which technique fits a scenario is frequently tested.

CPA Exam Lab is an independent study resource and is not affiliated with, endorsed by, or sponsored by the AICPA® or NASBA. Practice questions are original content created for study purposes. “CPA” is a registered trademark of the AICPA.

What AICPA Wants You to Know

  1. Distinguish confidentiality from privacy.
  2. Apply data classification to determine handling requirements.
  3. Define PII and PHI and recognize examples.
  4. State the core privacy principles, including notice, consent, and data minimization.
  5. Summarize the scope of GDPR, CCPA, and HIPAA at a high level.
  6. Compare de-identification techniques: masking, anonymization, pseudonymization, tokenization, and encryption.