exam questions

Exam CIPM All Questions

View all questions & answers for the CIPM exam

Exam CIPM topic 1 question 59 discussion

Actual exam question from IAPP's CIPM
Question #: 59
Topic #: 1
[All CIPM Questions]

SCENARIO -
Please use the following to answer the next question:
Natalia, the Chief Financial Officer (CFO) of the Nationwide Grill restaurant chain, had never seen her fellow executives so anxious. Last week, a data processing firm used by the company reported that its system may have been hacked, and customer data such as names, addresses, and birthdays may have been compromised. Although the attempt was proven unsuccessful, the scare has prompted several Nationwide Grill executives to question the company's privacy program at today's meeting.
Alice, a Vice President (VP), said that the incident could have opened the door to lawsuits, potentially damaging Nationwide Grill's market position. The Chief Information Officer (CIO), Brendan, tried to assure her that even if there had been an actual breach, the chances of a successful suit against the company were slim. But Alice remained unconvinced.
Spencer – a former Chief Executive Officer (CEO) and currently a senior advisor – said that he had always warned against the use of contractors for data processing. At the very least, he argued, they should be held contractually liable for telling customers about any security incidents. In his view, Nationwide Grill should not be forced to soil the company name for a problem it did not cause.
One of the Business Development (BD) executives, Haley, then spoke, imploring everyone to see reason. "Breaches can happen, despite organizations' best efforts," she remarked. "Reasonable preparedness is key." She reminded everyone of the incident seven years ago when the large grocery chain Tinkerton's had its financial information compromised after a large order of Nationwide Grill frozen dinners. As a long-time BD executive with a solid understanding of Tinkerton's's corporate culture, built up through many years of cultivating relationships, Haley was able to successfully manage the company's incident response.
Spencer replied that acting with reason means allowing security to be handled by the security functions within the company – not BD staff. In a similar way, he said, Human Resources (HR) needs to do a better job training employees to prevent incidents. He pointed out that Nationwide Grill employees are overwhelmed with posters, emails, and memos from both HR and the ethics department related to the company's privacy program. Both the volume and the duplication of information means that it is often ignored altogether.
Spencer said, "The company needs to dedicate itself to its privacy program and set regular in-person trainings for all staff once a month."
Alice responded that the suggestion, while well-meaning, is not practical. With many locations, local HR departments need to have flexibility with their training schedules. Silently, Natalia agreed.
Based on the scenario, Nationwide Grill needs to create better employee awareness of the company's privacy program by doing what?

  • A. Varying the modes of communication.
  • B. Communicating to the staff more often.
  • C. Improving inter-departmental cooperation.
  • D. Requiring acknowledgment of company memos.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Vinz_
1 week, 2 days ago
Selected Answer: C
Varying the modes of communications would unlikely improve the Privacy programme since the scenario reported the presence of multiple communication channels. HR and Ethics department should coordinate with the security function as well as other departments to identify the necessary training material tailored to different roles, hence increasing interest and ultimately privacy awareness.
upvoted 1 times
...
Dhrumal
2 weeks ago
Selected Answer: C
I thought of C as HR and Ethics department both were bombarding employees with information which led to overload of information for employees and they started ignoring the messages.
upvoted 1 times
...
kuca11
1 month ago
D, Requiring acknowledgment of company memos as the circumstances mention stateds "Both the volume and the duplication of information means that it is often ignored altogether."
upvoted 1 times
...
katizeti
11 months, 1 week ago
In my opinion A is correct
upvoted 2 times
...
carlosbui
1 year, 1 month ago
Should be A
upvoted 2 times
...
Ssourav
1 year, 4 months ago
Selected Answer: A
Varying the modes of communication: If employees are overwhelmed with emails, memos, and posters, using a variety of methods such as interactive training sessions, videos, or team discussions could improve engagement and retention of information.
upvoted 3 times
...
emily0922
1 year, 4 months ago
I think should be C "He pointed out that Nationwide Grill employees are overwhelmed with posters, emails, and memos from both HR and the ethics department related to the company's privacy program. Both the volume and the duplication of information means that it is often ignored altogether."
upvoted 1 times
...
Adyyogi
1 year, 4 months ago
Selected Answer: A
A, because varying the way communication is delivered means that you adapt the content and delivery to the audience, which is the appropriate way
upvoted 2 times
...
Larryqwe
1 year, 9 months ago
Or answer a?
upvoted 1 times
...
Boerenkool
1 year, 9 months ago
Why not C?
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago