What are the three core areas examined in the CIPP/US exam?

The correct answer highlights the three core areas examined in the CIPP/US exam, which are essential for understanding the landscape of privacy in the United States. U.S. privacy laws form the legal backbone that governs how personal data is treated, covering a variety of laws such as the Health Insurance Portability and Accountability Act (HIPAA), the Children's Online Privacy Protection Act (COPPA), and state-specific regulations.

Privacy governance involves the policies, procedures, and organizational structures that ensure compliance with these laws. It reflects the strategic aspect of privacy management within an organization, including how organizations implement controls and manage risk related to personal data.

Data management practices refer to the methods and procedures organizations use to handle personal data throughout its lifecycle, from collection and storage to sharing and disposal. This area examines how data is used responsibly and ethically while ensuring compliance with applicable laws and regulations.

In sum, these three areas encapsulate the foundational knowledge necessary for a professional in the field of privacy, making them integral to the CIPP/US certification framework.