ExamTopics Logo
Mail Us[email protected]
Menu
Iapp Discussions
exam questions

Exam CIPT All Questions

View all questions & answers for the CIPT exam
Go to Exam

Exam CIPT topic 1 question 103 discussion

Actual exam question from IAPP's CIPT
Question #: 103
Topic #: 1
[All CIPT Questions]

An organization based in California, USA is implementing a new online helpdesk solution for recording customer call information. The organization considers the capture of personal data on the online helpdesk solution to be in the interest of the company in best servicing customer calls.
Before implementation, a privacy technologist should conduct which of the following?

  • A. A Data Protection Impact Assessment (DPIA) and consultation with the appropriate regulator to ensure legal compliance.
  • B. A privacy risk and impact assessment to evaluate potential risks from the proposed processing operations.
  • C. A Legitimate Interest Assessment (LIA) to ensure that the processing is proportionate and does not override the privacy, rights and freedoms of the customers.
  • D. A security assessment of the help desk solution and provider to assess if the technology was developed with a security by design approach.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Reference:
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate- interests/
by 837vq3 at Oct. 27, 2021, 5:55 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
waterdogs
5 months ago
Selected Answer: B
'Legitimate Interest Assessment' is a GDPR term and GDPR requirement, not specifically required under californian law. in any case, best servicing customer calls by asking for PI doesnt sound like an ethical edge case that warrants a LIA, a DPIA or PIA of the system is more standard practice. but since consulting with a regulator is also not something i've heard any regulator do, the answer is probably B.
upvoted 1 times
...
moxiangnaicha
5 months, 2 weeks ago
Selected Answer: C
Because the question specifically mentioned this is done in the interest of the company
upvoted 1 times
waterdogs
5 months ago
pretty sure 'Legitimate Interest Assessment' is a GDPR term and GDPR requirement, not specifically required under californian law. in any case, best servicing customer calls by asking for PI doesnt sound like an ethical edge case that warrants a LIA, a DPIA or PIA of the system is more standard practice. but since consulting with a regulator is also not something i've heard any regulator do, the answer is probably B.
upvoted 1 times
...
...
Ssourav
6 months ago
Selected Answer: A
A. A Data Protection Impact Assessment (DPIA) and consultation with the appropriate regulator to ensure legal compliance. A DPIA is essential for identifying and mitigating privacy risks related to the processing of personal data, especially when implementing new systems that handle customer information. It ensures compliance with data protection regulations and helps address potential privacy concerns before implementation.
upvoted 1 times
waterdogs
5 months ago
consultation with the appropriate regulator? not sure that's a legitimate option for most companies and haven't heard of this being standard practice
upvoted 1 times
...
...
Ahpl
2 years, 11 months ago
why not B? Privacy and Data Protection Impact Assessments - Assessments evaluating privacy harms and issues for major activities undertaken by an organization.
upvoted 2 times
...
837vq3
3 years, 3 months ago
https://dataprivacymanager.net/what-is-lia-legitimate-interests-assessment-and-how-to-conduct-it/
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago