Exam CIPM topic 1 question 170 discussion

Actual exam question from IAPP's CIPM
Question #: 170
Topic #: 1

SCENARIO -
Please use the following to answer the next question:
Hi Zoe,
Thank you so much for your email. I am so glad you have jumped right into your new position as our in-house privacy professional. BastTech greatly needs your expertise. I hope you are comfortably settling into your new home in the United States after your move from the United Kingdom! Georgia is a wonderful state.
I particularly appreciate your enthusiasm in using your recent informal assessment to begin rectifying gaps in our privacy program and making sure we are in compliance with all laws. However, I also want to make sure that we are prioritizing our initiatives by spending time on the measures that are most important to our customers, our company, and the tech industry as a whole.
Specifically, I know that you are advocating for an update of our Business Continuity Disaster Response (BCDR) plan with an eye toward privacy concerns. I think this effort is something that we may be able to postpone. I'm sure that after ten years the document can be updated in spots; however, we have first-rate, experienced executive leaders that would have things well in hand in the unlikely event of a disaster.
Further, you mentioned that you would like to assess our longtime subcontractor's disaster plan through a second-party audit. Papyrus, our longtime subcontractor, does keep a great deal of personal data about our customers. However, I am not sure I understand your request and would like to discuss this further during our meeting Wednesday.
You also say that your audit uncovered some inadequacies in staff compliance with our security procedures and local laws. I just wanted to emphasize that the audit findings only need to be communicated to the executive leadership. I would rather not cause unnecessary alarm across departments.
I know you are also looking closely at the recent loss of a file belonging to a staff member in Human Resources (HR). It was an unfortunate incident, but rest assured, we handled the situation according to Georgia state law. The only difficult part was easing the concerns of our many remote employees all across the country whose data was on the computer. But I believe everything is settled. At least this stands as proof that in the event of another breach of any type, Information Security (IS) will take the lead while other departments move on with business as usual without having to get involved. Thankfully, we have taken the measure of supplementing our General Commercial Liability Insurance with cyber insurance.
Anyway, we will talk more on Wednesday. I just wanted to communicate some of my current thinking.
Thanks,

Whitney -
Interim Assistant Business Manager, BastTech.

Based on Whitney's thoughts about the lost file, in what area of privacy law does she have a misunderstanding?

  • A. The scope of federal law.
  • B. The applicability of state laws.
  • C. The requirements under Georgia state law.
  • D. The applicability of the Health Insurance Portability and Accountability Act (HIPAA) on employee data.
Suggested Answer: B

Comments

Ssourav
Highly Voted 1 year, 2 months ago
Selected Answer: B
B. The applicability of state laws. In the scenario, Whitney seems to think that because they handled the situation of the lost file according to Georgia state law, everything is settled. However, she might be misunderstanding that since they have remote employees all across the country, other state laws might also apply to the lost file incident, not just Georgia's. Different states may have different notification requirements and other rules regarding data breaches, and the company needs to comply with all applicable laws based on the residence of the affected individuals.
upvoted 5 times
carlosbui
Most Recent 12 months ago
should be B
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other