An organization's privacy officer was just notified by the benefits manager that she accidentally sent out the retirement enrollment report of all employees to a wrong vendor. Which of the following actions should the privacy officer take first?
A.
Perform a risk of harm analysis.
B.
Report the incident to law enforcement.
C.
Contact the recipient to delete the email.
D.
Send firm-wide email notification to employees.
The privacy officer should first C. Contact the recipient to delete the email.
Here's why:
Immediate Mitigation: The priority is to minimize the potential damage. Contacting the vendor to request immediate deletion of the email is the most direct and immediate way to attempt to contain the breach.
Time Sensitivity: Every moment that the data is in the wrong hands increases the risk. Contacting the recipient is the fastest action to take.
Here's why the other options are not the first step:
A. Perform a risk of harm analysis: A risk of harm analysis is a necessary step, but it comes after attempting to contain the breach.
The answer is C: The privacy officer should work with the benefits manager to contain the breach promptly. This may involve contacting the vendor and requesting them to delete or secure the data immediately.
Should be C, to secure operations and make sure no additional data is lost first
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ShadyB
2 weeks, 4 days agoDrackos2
2 months, 2 weeks agoRocketly
7 months, 2 weeks agoJutt
8 months, 1 week agoBevMe
9 months, 2 weeks agohumhain
1 year agogiomike
1 year, 1 month agoCock
1 year, 5 months agoGh789
1 year, 6 months agoemily0922
1 year, 7 months ago