ExamGecko
Search Search Login
Home Home / IAPP / CIPM
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Your marketing team wants to know why they need a check box for their SMS opt-in. You explain it is part of the consumer's right to?
In a sample metric template, what does ''target'' mean?
An online retailer detects an incident involving customer shopping history but no keys have been compromised. The Privacy Offce is most concerned when it also involves?
Under the General Data Protection Regulation (GDPR), what are the obligations of a processor that engages a sub-processor?
Under the GDPR. when the applicable lawful basis for the processing of personal data is a legal obligation with which the controller must comply. which right can the data subject exercise?
Under the General Data Protection Regulation (GDPR), what must be included in a written agreement between the controller and processor in relation to processing conducted on the controller's behalf?
When a data breach incident has occurred. the first priority is to determine?
Your company provides a SaaS tool for B2B services and does not interact with individual consumers. A client's current employee reaches out with a right to delete request. what is the most appropriate response?
A systems audit uncovered a shared drive folder containing sensitive employee data with no access controls and therefore was available for all employees to view. What is the first step to mitigate further risks?
You would like to better understand how your organization can demonstrate compliance with international privacy standards and identify gaps for remediation. What steps could you take to achieve this objective?

Question 113 - CIPM discussion

Report
Export

SCENARIO

Please use the following to answer the next QUESTION:

Penny has recently joined Ace Space, a company that sells homeware accessories online, as its new privacy officer. The company is based in California but thanks to some great publicity from a social media influencer last year, the company has received an influx of sales from the EU and has set up a regional office in Ireland to support this expansion. To become familiar with Ace Space's practices and assess what her privacy priorities will be, Penny has set up meetings with a number of colleagues to hear about the work that they have been doing and their compliance efforts.

Penny's colleague in Marketing is excited by the new sales and the company's plans, but is also concerned that Penny may curtail some of the growth opportunities he has planned. He tells her ''I heard someone in the breakroom talking about some new privacy laws but I really don't think it affects us. We're just a small company. I mean we just sell accessories online, so what's the real risk?'' He has also told her that he works with a number of small companies that help him get projects completed in a hurry. ''We've got to meet our deadlines otherwise we lose money. I just sign the contracts and get Jim in finance to push through the payment. Reviewing the contracts takes time that we just don't have.''

In her meeting with a member of the IT team, Penny has learned that although Ace Space has taken a number of precautions to protect its website from malicious activity, it has not taken the same level of care of its physical files or internal infrastructure. Penny's colleague in IT has told her that a former employee lost an encrypted USB key with financial data on it when he left. The company nearly lost access to their customer database last year after they fell victim to a phishing attack. Penny is told by her IT colleague that the IT team ''didn't know what to do or who should do what. We hadn't been trained on it but we're a small team though, so it worked out OK in the end.'' Penny is concerned that these issues will compromise Ace Space's privacy and data protection.

Penny is aware that the company has solid plans to grow its international sales and will be working closely with the CEO to give the organization a data ''shake up''. Her mission is to cultivate a strong privacy culture within the company.

Penny has a meeting with Ace Space's CEO today and has been asked to give her first impressions and an overview of her next steps.

What information will be LEAST crucial from a privacy perspective in Penny's review of vendor contracts?

A.

Audit rights

Answers
A.

Audit rights

B.

Liability for a data breach

Answers
B.

Liability for a data breach

C.

Pricing for data security protections

Answers
C.

Pricing for data security protections

D.

The data a vendor will have access to

Answers
D.

The data a vendor will have access to

Suggested answer: C

Explanation:

The information that will be least crucial from a privacy perspective in Penny's review of vendor contracts is the pricing for data security protections . This is because the pricing for data security protections is a business decision that does not directly affect the privacy rights and obligations of Ace Space and its customers. The pricing for data security protections may be relevant for budgeting and negotiating purposes, but it does not determine the level or adequacy of data security measures that the vendor must provide to protect personal data.

The other options are more crucial from a privacy perspective in Penny's review of vendor contracts. Audit rights (A) are important to ensure that Ace Space can monitor and verify the vendor's compliance with the contract terms and the applicable privacy laws and regulations. Audit rights allow Ace Space to access the vendor's records, systems, policies and procedures related to personal data processing and to conduct inspections or assessments as needed. Liability for a data breach (B) is important to allocate the responsibility and consequences of a data breach involving personal data that the vendor processes on behalf of Ace Space. Liability for a data breach may include indemnification, compensation, notification, remediation and termination clauses that protect Ace Space's interests and obligations in the event of a data breach. The data a vendor will have access to (D) is important to define the scope, purpose, duration and conditions of the personal data processing that the vendor will perform for Ace Space. The data a vendor will have access to may include the categories, types, sources, recipients and retention periods of personal data that the vendor will collect, store, use or share on behalf of Ace Space.

CIPM Body of Knowledge Domain II: Privacy Program Operational Life Cycle - Task 3: Implement privacy program components - Subtask 3: Establish third-party processor management program

CIPM Study Guide - Chapter 4: Privacy Program Operational Life Cycle - Section 4.3: Third-Party Processor Management

Show Answer
asked 22/11/2024
Darren Bilmen
35 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms