exam questions

Exam CIPP-US All Questions

View all questions & answers for the CIPP-US exam

Exam CIPP-US topic 1 question 128 discussion

Actual exam question from IAPP's CIPP-US
Question #: 128
Topic #: 1
[All CIPP-US Questions]

Privacy Is Hiring Inc., a CA-based company, is an online specialty recruiting firm focusing on placing privacy professionals in roles at major companies. Job candidates create online profiles outlining their experience and credentials, and can pay $19.99/month via credit card to have their profiles promoted to potential employers. Privacy Is Hiring Inc. keeps all customer data at rest encrypted on its servers.
Under what circumstances would Privacy Is Hiring Inc., need to notify affected individuals in the event of a data breach?

  • A. If law enforcement has completed its investigation and has authorized Privacy Is Hiring Inc. to provide the notification to clients and applicable regulators.
  • B. If the job candidates’ credit card information and the encryption keys were among the information taken.
  • C. If Privacy Is Hiring Inc., reasonably believes that job candidates will be harmed by the data breach.
  • D. If the personal information stolen included the individuals’ names and credit card pin numbers.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
47258d2
6 months, 1 week ago
California AB2828: organizations are required to trigger breach notification for disclosures of encrypted data is they have reason to believe encryption keys may have been compromised along w the data.
upvoted 1 times
...
Bhimesh
8 months, 2 weeks ago
Selected Answer: B
The CCPA provides consumers with special remedies for data breaches, including statutory damages of between $100 and $750 per incident, actual damages, or other remedies the court deems appropriate. To be entitled to these remedies, the breach must consist of (1) “an unauthorized access and exfiltration, theft, or disclosure” of the consumer’s personal information resulting from (2) the business’s failure to “implement and maintain reasonable security procedures and practices.” “CREDIT CARD INFORMATION and the ENCRYPTION KEYS were among the information taken”. – its breach. although the at rest is encrypted… These remedies “do not apply” to personal information that has been “ ENCRYPTED OR REDACTED.” These remedies also only apply to a certain subset of the most sensitive personal information under the CCPA (such as Social Security number) and are not available for all categories of personal information.
upvoted 1 times
...
smp175
1 year, 5 months ago
Selected Answer: B
California law requires a business or state agency to notify any California resident whose unencrypted personal information, as defined, was acquired, or reasonably believed to have been acquired, by an unauthorized person. (California Civil Code s. 1798.29(a) [agency] and California Civ. Code s. 1798.82(a) [person or business].) https://oag.ca.gov/privacy/databreach/reporting
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago