Exam CIPP-US topic 1 question 39 discussion

The answer should be A: "The Disposal Rule requires any individual or entity that uses a consumer report, or information derived from a consumer report, for a business purpose to dispose of that consumer information in a way that prevents unauthorized access and misuse of the data. Consumer reports can be electronic or written. The rule applies to both small and large organizations, including consumer reporting agencies, lenders, employers, insurers, landlords, car dealers, attorneys, debt collectors, and government agencies." and "Examples of acceptable, reasonable measures include developing and complying with policies to: Burn, pulverize or shred papers containing consumer report information so that the information cannot be read or reconstructed Destroy or erase electronic files or media containing consumer report information so that the information cannot be read or reconstructed Conduct due diligence and hire a document destruction contractor to dispose of material specifically identified as consumer report information consistent with the rule"

The correct answer is A. To follow the Disposal Rule by having the reports shredded. Reference: The IAPP textbook, U.S. Private-Sector Privacy, 4th Edition, 2024, Section 9.2.1 The Disposal Rule: "Consumer reports can be electronic or written. The rule applies to both small and large organizations, including consumer reporting agencies, lenders, employers, insurers, landlords, car dealers, attorneys, debt collectors, and government agencies." The correct answer, according to the author, is C. To follow the Privacy Rule by notifying customers that the reports are being stored. Here is why it's incorrect: The Privacy Rule, under the Gramm-Leach-Bliley Act (GLBA), deals with how financial institutions handle customer privacy and the disclosure of personal information, but it does not specifically address the storage of credit reports in the way described in the scenario. Therefore, of the choices provided, following the Disposal Rule by having the reports shredded is a better answer to the question asked.

The Disposal Rule requires any individual or entity that uses a consumer report, or information derived from a consumer report, for a business purpose to dispose of that consumer information in a way that prevents unauthorized access and misuse of the data. Consumer reports can be electronic or written. The rule applies to both small and large organizations, including consumer reporting agencies, lenders, employers, insurers, landlords, “CAR DEALERS”, attorneys, debt collectors, and government agencies.

the answer is A

Correct answer is A

The answer is A

https://www.shrednations.com/articles/facta-compliance/ Proper Disposal of Sensitive Information Lastly, FACTA requires creditors and financial institutions to take “reasonable measures to protect against unauthorized access to or use of consumer information” by means of proper disposal. To ensure private information is not compromised it required that reasonable steps be taken to destroy private information beyond a doubt before it leaves the hands of any financial institution.

The correct answer is A.