Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam CIPM All Questions

View all questions & answers for the CIPM exam

Exam CIPM topic 1 question 235 discussion

Actual exam question from IAPP's CIPM
Question #: 235
Topic #: 1
[All CIPM Questions]

You have just taken on the role of Data Governance Director at an energy corporation based in London, England. The company has been trading for over 25 years and you soon team that so far, the company has done little to control the use of customer information.

During the first few weeks you establish that despite attempts by your predecessor, the company has held onto all customer records digitally in various systems, including their customer records management system, their invoicing system, their call recording system, their marketing database and within two different email clients.

There have been a fair number of minor data breaches in recent months and a couple of larger ones, which have meant that not only has the company's reputation been damaged but they have also had to report some of the bigger breaches to the regulator. One of these breaches led to the credit risk scores of over 150,000 customers being deliberately leaked to the company’s largest competitor.

You also discover that some customers have asked for their data to be deleted following a number of marketing campaigns. Even though the company has told the customers that they have done what was asked, you team that all the company did was remove these customers from their marketing lists - in other words, all their data is still in the various digital systems for marketing, invoicing and records management.

On top of all this, you learn that if a customer service agent based in the energy corporation's US call center cannot find the details of the specific customer they are talking to on the phone, the agent will just add notes of the telephone conversation in whichever customer record the agent can find. What this means is that some customer records are very inaccurate, and this causes delays in compensation payments, poor reviews on independent review sites and the energy regulator in the UK is thinking of suspending the company's license.

As artificial intelligence is seen as the new energy future linking to the Internet of Things (IoT), the company has partnered with another company specializing in ingesting huge amounts of data into cloud-based warehouses. This data is then used to profile customers, so they get an idea of which ones are most likely to buy their new cutting-edge technology that is being offered via their new business partner. Many of the new devices on offer mean that both companies will be able to gather even more data about their customers, including geo-location, IP addresses, which electrical devices their customers use in their homes and when they use them the most.

The company is very excited for the future and how all this new tech can help them beat the competition but you have a big task ahead of you to get things right with their privacy program.

Following the marketing campaigns, which of the following should have been prioritized by the company?

  • A. Anonymizing the customer's data within all the systems.
  • B. Putting in place new processes for valid deletion requests.
  • C. Stopping the sending of marketing emails to these customers.
  • D. Verifying the identity of the customers who made the requests.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Cock
1 year ago
Selected Answer: B
Based on the information provided, the following option should have been prioritized by the company following the marketing campaigns: B. Putting in place new processes for valid deletion requests. When customers requested their data to be deleted following the marketing campaigns, the company should have implemented new processes to handle these requests effectively. Merely removing customers from the marketing lists without deleting their data from various systems is not in compliance with data protection regulations and can lead to potential breaches and reputational damage.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...