ExamGecko
Home Home / IAPP / CIPM
Question list
Search
Search

List of questions

Search

Related questions











Question 53 - CIPM discussion

Report
Export

SCENARIO

Please use the following to answer the next QUESTION:

Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help run his aging grandfather's law practice. The elder McAdams desired a limited, lighter role in the practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and assesses the office's strategies for growth.

Immediately upon arrival, Richard was amazed at the amount of work that needed to done in order to modernize the office, mostly in regard to the handling of clients' personal data. His first goal is to digitize all the records kept in file cabinets, as many of the documents contain personally identifiable financial and medical data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues unless a formal policy is firmly in place Richard is also concerned with the overuse of the communal copier/ printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing policy by the year's end.

Richard expressed his concerns to his grandfather, who agreed, that updating data storage, data security, and an overall approach to increasing the protection of personal data in all facets is necessary Mr. McAdams granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following day, to get insight into how the office computer system is currently set-up and managed.

As Richard begins to research more about Data Lifecycle Management (DLM), he discovers that the law office can lower the risk of a data breach by doing what?

A.

Prioritizing the data by order of importance.

Answers
A.

Prioritizing the data by order of importance.

B.

Minimizing the time it takes to retrieve the sensitive data.

Answers
B.

Minimizing the time it takes to retrieve the sensitive data.

C.

Reducing the volume and the type of data that is stored in its system.

Answers
C.

Reducing the volume and the type of data that is stored in its system.

D.

Increasing the number of experienced staff to code and categorize the incoming data.

Answers
D.

Increasing the number of experienced staff to code and categorize the incoming data.

Suggested answer: C

Explanation:

As Richard begins to research more about Data Lifecycle Management (DLM), he discovers that the law office can lower the risk of a data breach by reducing the volume and the type of data that is stored in its system. This is because storing less data means having less data to protect and less data to lose in case of a breach.By reducing the volume and the type of data that is stored in its system, the law office can also comply with the data minimization principle under the GDPR and other data protection regulations, which requires that personal data should be adequate, relevant and limited to what is necessary for the purposes for which they are processed3Therefore, this option is a way to lower the risk of a data breach.

The other options are not ways to lower the risk of a data breach by applying DLM principles. Prioritizing the data by order of importance may help to allocate resources and optimize performance, but it does not necessarily reduce the risk of a data breach. Minimizing the time it takes to retrieve the sensitive data may improve efficiency and responsiveness, but it does not necessarily reduce the risk of a data breach.Increasing the number of experienced staff to code and categorize the incoming data may enhance data quality and accuracy, but it does not necessarily reduce the risk of a data breach.Reference:3:Article 5 GDPR | General Data Protection Regulation (GDPR);4:Data Lifecycle Management: A Complete Guide | Splunk

asked 22/11/2024
Jose Manuel Belmonte Martinez
34 questions
User
Your answer:
0 comments
Sorted by

Leave a comment first