Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Iapp Discussions
exam questions

Exam CIPM All Questions

View all questions & answers for the CIPM exam
Go to Exam

Exam CIPM topic 1 question 188 discussion

Actual exam question from IAPP's CIPM
Question #: 188
Topic #: 1
[All CIPM Questions]

SCENARIO -
Please use the following to answer the next question:
Jonathan recently joined a healthcare payment processing solutions company as a senior privacy manager. One morning, Jonathan awakens to several emails informing him that an individual cloud server failed due to a flood in its server room, damaging its hardware and destroying all the data the company had stored on that drive. Jonathan was not aware that the company had this particular cloud account or that any data was being stored there because it was not included in the data mapping or data inventory provided to him by his predecessor. Jonathan's predecessor conducted a data inventory and mapping exercise 4 years ago and updated it on an annual basis.
Renee works in the sales department and tells Jonathan that she doesn't think that account had been used since the company moved to a bigger cloud vendor three years ago. She also advised him that the account was mostly used by Human Resources (HR) and Accounts Payable (AP). Jonathan speaks to both departments and learns that each had met with his predecessor multiple times and explained they saved sensitive personal data on that drive, including health and financial related personal data and "other stuff." Jonathan also learns that the data stored in that account was not backed up pursuant to company policy. Jonathan asks his IT department who had access to that particular account and learns that there were no access controls in place, making the account available to anyone in the company, despite the purported sensitivity of the data being stored there.
Jonathan is panicking as the data can't be recovered, and he can't determine exactly what data was saved on that account or to whom it belongs. Two days later, the company receives 32 data subject access requests and Accounts Payable confirms Jonathan's worry that these data subjects' personal data was likely stored on this account. He searches for the company's data subject access request policy, but later learns it doesn't exist.
Which step did Jonathan correctly determine most significantly contributed to the issue at hand?

  • A. Due diligence on the cloud provider that hosted the impacted account had not been performed.
  • B. Training and awareness around appropriate storage of sensitive personally identifiable data had not been performed.
  • C. This cloud account and the personal data stored there had not been accounted for in the data mapping or accounted for in the data inventory.
  • D. Specific instructions on backing up data to human resources and accounts payable had not been given to Human Resources and Accounts Payable.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Ssourav at Sept. 28, 2023, 2:13 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Cock
1 year, 1 month ago
Selected Answer: C
The fact that this particular cloud account and the sensitive personal data stored in it were not included in the data mapping or data inventory provided to Jonathan by his predecessor means that the company was not aware of the existence of this data. This lack of awareness and documentation contributed to the inability to recover the data, determine what data was stored, and to whom it belongs. It also resulted in the absence of data backup and access controls for this account, which further exacerbated the problem.
upvoted 1 times
...
Ssourav
1 year, 2 months ago
Selected Answer: C
C. This cloud account and the personal data stored there had not been accounted for in the data mapping or accounted for in the data inventory.
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel