Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Iapp Discussions
exam questions

Exam CIPP-US All Questions

View all questions & answers for the CIPP-US exam
Go to Exam

Exam CIPP-US topic 1 question 178 discussion

Actual exam question from IAPP's CIPP-US
Question #: 178
Topic #: 1
[All CIPP-US Questions]

SCENARIO -
Please use the following to answer the next question:

You are the privacy manager at a privately-owned U.S. company that produces an increasingly popular fitness app called GetFit. After users create an account with their contact information, the app uses a smartphone and a system of connected smartwatch sensors to track users when they exercise. It collects information on location when users walk or run outdoors, as well as general health information (such as heart rate) during all exercise sessions. The app also collects credit card information for payment of the monthly subscription fee.

One Friday, the company's security team contacts you about the discovery of malware on their media server. The team assures you that there was no user data on this server and that, in any case, they found the malware before any damage could be done.

However, on Monday morning the security team contacts you again, this time with the information that they have discovered the same malware on the company's payments server. They suspect it likely that users' credit card information was taken by the attacker. By Monday evening, the situation has gotten dramatically worse, as the security team has also discovered this malware on the company's database server, an infiltration that gives the attacker access to users' profile, health and location information.

After coordinating with the security team, you are asked to meet with senior management and advise them on the company's obligations in connection with the incident. The Chief Financial Officer asks, "If we decide to notify all our users of this incident, are we obligated to provide any of them with a free credit monitoring offer?" The General Counsel wants to know if providing this notice and offer will help the company avoid liability.


Who, if anyone, would the company have to notify immediately following the security team's first call to the privacy manager on Friday?

  • A. It would have to notify each state's attorney general's office since the app is marketed to consumers.
  • B. It would not have to notify anyone since malware intrusions do not trigger breach notification laws.
  • C. It would have to notify the Federal Trade Commission (FTC) since there was an incident involving a mobile app.
  • D. It would not have to notify anyone since there was no unauthorized access of user data that would be considered personal information under applicable state laws.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by smp175 at July 6, 2023, 5:24 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Bhimesh
7 months, 2 weeks ago
Selected Answer: D
Agre with smp175 "as of Friday" not after Friday ... From Monday morning to Monday evening, the situation is not the same
upvoted 1 times
...
smp175
1 year, 4 months ago
Selected Answer: D
There is no carve-out for "malware intrusions" in breach notification laws... The operative fact here is that no PII was implicated in the intrusion known as of Friday in this scenario.
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel