Exam CIPT topic 1 question 72 discussion

Actual exam question from IAPP's CIPT
Question #: 72
Topic #: 1

SCENARIO -
Clean-Q is a company that offers household and office cleaning services. The company receives requests from consumers via its website and telephone to book cleaning services. Based on the type and size of service, Clean-Q then contracts individuals that are registered on its resource database - currently managed in-house by Clean-Q IT Support. Because of Clean-Q's business model, resources are contracted as needed instead of permanently employed.
The table below indicates some of the personal information Clean-Q requires as part of its business operations:

Clean-Q has an internal employee base of about 30 people. A recent privacy compliance exercise has been conducted to align employee data management and human resource functions with applicable data protection regulation. Therefore, the Clean-Q permanent employee base is not included as part of this scenario.
With an increase in construction work and housing developments, Clean-Q has had an influx of requests for cleaning services. The demand has overwhelmed Clean-Q's traditional supply and demand system, which has caused some overlapping bookings.
In a business strategy session held by senior management recently, Clean-Q invited vendors to present potential solutions to their current operational issues. These vendors included application developers and cloud solution providers, presenting their proposed solutions and platforms.
The Managing Director opted to initiate the process to integrate Clean-Q's operations with a cloud solution (LeadOps) that will provide the following solution on one single online platform:
✑ A web interface that Clean-Q accesses for the purposes of resource and customer management. This would entail uploading resource and customer information.
✑ A customer facing web interface that enables customers to register, manage and submit cleaning service requests online.
✑ A resource facing web interface that enables resources to apply and manage their assigned jobs.
✑ An online payment facility for customers to pay for services.
If Clean-Q were to utilize LeadOps' services, what is a contract clause that may be included in the agreement entered into with LeadOps?

  • A. A provision that holds LeadOps liable for a data breach involving Clean-Q's information.
  • B. A provision prescribing technical and organizational controls that LeadOps must implement.
  • C. A provision that requires LeadOps to notify Clean-Q of any suspected breaches of information that involves customer or resource information managed on behalf of Clean-Q.
  • D. A provision that allows Clean-Q to conduct audits of LeadOps' information processing and information security environment, at LeadOps' cost and at any time that Clean-Q requires.
Suggested Answer: C

Comments

Ssourav
3 months, 2 weeks ago
Selected Answer: B
B. A provision prescribing technical and organizational controls that LeadOps must implement. This provision ensures that LeadOps follows specific standards and practices for securing data, which is foundational for maintaining data privacy and security throughout the duration of the contract. However, combining this with other provisions such as breach notification (C) and audit rights (D) would provide a comprehensive approach to managing data protection risks.
upvoted 1 times
...
PaigeH7
8 months ago
Selected Answer: C
Clean Q is the Controller, Lead OPS operator
upvoted 1 times
...
Ame123456789
1 year, 8 months ago
Poor question scribing, I feel.
A. A provision that holds LeadOps liable for a data breach involving Clean-Q's information. Is probably true. Contracts are about liability and indemnities. So "liable" word is used with a different meaning.
B. A provision prescribing technical and organizational controls that LeadOps must implement. Not right - DC may not be in the position to scribe.
C. A provision that requires LeadOps to notify Clean-Q of any suspected breaches of information that involves customer or resource information managed on behalf of Clean-Q. Maybe right - the "on behalf of Clean Q" is just saying that LeadOps is managing the data on behalf, not reporting to regulator on behalf.
D. A provision that allows Clean-Q to conduct audits of LeadOps' information processing and information security environment, at LeadOps' cost and at any time that Clean-Q requires. In reality, this clause is common, but "not any time that Clean Q requires" - impractical.
So C is likely to be the right answer.
upvoted 1 times
...
pipzz
2 years, 4 months ago
Selected Answer: C
Best answer. The GDPR requires a processor to notify a controller if it becomes aware of a breach of personal data it is processing on behalf of the controller. The governing legal document may provide for a stricter notification requirement, including notification if the processor even merely “suspects” a breach has occurred.
upvoted 1 times
...
Magim1920
2 years, 5 months ago
It's almost as if the question is wrong and should read "What is NOT a contractual clause..." All of these are commonly found in SSCs in European Union countries, except A - you cannot outsource your liability as data controller to a processor.
upvoted 2 times
...
ChaBum
2 years, 8 months ago
Selected Answer: B
B, the TOMs: Technical and Organisational Measures (GDPR Art 32 & Recital 78).
upvoted 2 times
...
k4d4v4r
2 years, 11 months ago
Selected Answer: C
C is the best answer. Never saw a D situation in real life scenarios.
upvoted 3 times
ChaBum
2 years, 8 months ago
There is no reason to inform an external party about a SUSPECTED breach
upvoted 1 times
...
...
837vq3
3 years, 1 month ago
The part that I do not like in "D" is this: "at LeadOps' cost and at any time that Clean-Q requires". As far as I know, audits are not performed at the expense of the vendor. If the client wants to audit a vendor, the client pays for it, correct?
upvoted 2 times
ChaBum
2 years, 8 months ago
It could be part of the contract to have the vendor pass through audits on a regular basis. But those audits are conducted by a third-party company and not the client. If a client wants to audit a vendor, the vendor will normally charge the client for the resources provided to conduct the audit. What I find non-realistic is the "at any time that Clean-Q requires"; the audit should happen at a time which is convenient for both parties.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other