Exam CIPM topic 1 question 189 discussion

Actual exam question from IAPP's CIPM
Question #: 189
Topic #: 1

SCENARIO -
Please use the following to answer the next question:
Jonathan recently joined a healthcare payment processing solutions company as a senior privacy manager. One morning, Jonathan awakens to several emails informing him that an individual cloud server failed due to a flood in its server room, damaging its hardware and destroying all the data the company had stored on that drive. Jonathan was not aware that the company had this particular cloud account or that any data was being stored there because it was not included in the data mapping or data inventory provided to him by his predecessor. Jonathan's predecessor conducted a data inventory and mapping exercise 4 years ago and updated it on an annual basis.
Renee works in the sales department and tells Jonathan that she doesn't think that account had been used since the company moved to a bigger cloud vendor three years ago. She also advised him that the account was mostly used by Human Resources (HR) and Accounts Payable (AP). Jonathan speaks to both departments and learns that each had met with his predecessor multiple times and explained they saved sensitive personal data on that drive, including health and financial related personal data and "other stuff." Jonathan also learns that the data stored in that account was not backed up pursuant to company policy. Jonathan asks his IT department who had access to that particular account and learns that there were no access controls in place, making the account available to anyone in the company, despite the purported sensitivity of the data being stored there.
Jonathan is panicking as the data can't be recovered, and he can't determine exactly what data was saved on that account or to whom it belongs. Two days later, the company receives 32 data subject access requests and Accounts Payable confirms Jonathan's worry that these data subjects' personal data was likely stored on this account. He searches for the company's data subject access request policy, but later learns it doesn't exist.
Based on the scenario above, what is the most appropriate next step Jonathan should take?

  • A. Consult with the legal team to determine how to address the data subjects' requests and determine the risk of noncompliance.
  • B. Consult with other key stakeholders to create a presentation on the incident and lessons learned for the board of directors.
  • C. Consult with the public relations team to discuss potential brand impact of not responding to the data subjects' requests.
  • D. Consult with the information technology team to understand how and why this cloud account was not disabled.
Suggested Answer: A

Comments

Cock
1 year, 1 month ago
Selected Answer: A
Consulting with the legal team is crucial for understanding the legal obligations, potential regulatory consequences, and the steps required to address these requests. It's important to ensure compliance with data protection laws and to mitigate any potential legal risks associated with not responding appropriately to the data subjects' requests. This step should be taken before considering other actions, such as board presentations or public relations considerations, to ensure legal compliance and protect the company from legal consequences.
upvoted 1 times
Ssourav
1 year, 2 months ago
Selected Answer: A
A. Consult with the legal team to determine how to address the data subjects' requests and determine the risk of noncompliance.
upvoted 1 times