Home

Home / IAPP / CIPM

Question list

List of questions

Question 1

(0)

SCENARIO Please use the following to answer the next QUESTION: It's just what you were afraid of. Without consulting you, the information technology director at your organization launched a new in

Question 2

(0)

SCENARIO Please use the following to answer the next QUESTION: It's just what you were afraid of. Without consulting you, the information technology director at your organization launched a new in

Question 3

(0)

SCENARIO Please use the following to answer the next QUESTION: It's just what you were afraid of. Without consulting you, the information technology director at your organization launched a new in

Question 4

(0)

SCENARIO Please use the following to answer the next QUESTION: It's just what you were afraid of. Without consulting you, the information technology director at your organization launched a new in

Question 5

(0)

Which is NOT an influence on the privacy environment external to an organization?

Question 6

(0)

SCENARIO Please use the following to answer the next QUESTION: Edufox has hosted an annual convention of users of its famous e-learning software platform, and over time, it has become a grand even

Question 7

(0)

SCENARIO Please use the following to answer the next QUESTION: Edufox has hosted an annual convention of users of its famous e-learning software platform, and over time, it has become a grand even

Question 8

(0)

SCENARIO Please use the following to answer the next QUESTION: Edufox has hosted an annual convention of users of its famous e-learning software platform, and over time, it has become a grand even

Question 9

(0)

SCENARIO Please use the following to answer the next QUESTION: Edufox has hosted an annual convention of users of its famous e-learning software platform, and over time, it has become a grand even

Question 10

(0)

What is one obligation that the General Data Protection Regulation (GDPR) imposes on data processors?

Open VPLUS File

Convert VPLUS to PDF

Related questions

Your marketing team wants to know why they need a check box for their SMS opt-in. You explain it is part of the consumer's right to?

In a sample metric template, what does ''target'' mean?

An online retailer detects an incident involving customer shopping history but no keys have been compromised. The Privacy Offce is most concerned when it also involves?

Under the General Data Protection Regulation (GDPR), what are the obligations of a processor that engages a sub-processor?

Under the GDPR. when the applicable lawful basis for the processing of personal data is a legal obligation with which the controller must comply. which right can the data subject exercise?

Under the General Data Protection Regulation (GDPR), what must be included in a written agreement between the controller and processor in relation to processing conducted on the controller's behalf?

When a data breach incident has occurred. the first priority is to determine?

Your company provides a SaaS tool for B2B services and does not interact with individual consumers. A client's current employee reaches out with a right to delete request. what is the most appropriate response?

A systems audit uncovered a shared drive folder containing sensitive employee data with no access controls and therefore was available for all employees to view. What is the first step to mitigate further risks?

You would like to better understand how your organization can demonstrate compliance with international privacy standards and identify gaps for remediation. What steps could you take to achieve this objective?

Question 125 - CIPM discussion

Report

What is most critical when outsourcing data destruction service?

A.

Obtain a certificate of data destruction.

B.

Confirm data destruction must be done on-site.

C.

Conduct an annual in-person audit of the provider's facilities.

D.

Ensure that they keep an asset inventory of the original data.

Suggested answer: A

Explanation:

Obtaining a certificate of data destruction is the most critical step when outsourcing data destruction service. Data destruction is the process of permanently erasing or destroying personal information from electronic devices or media so that it cannot be recovered or reconstructed. Data destruction is an important part of data protection and retention policies, as it helps prevent unauthorized access, disclosure, or misuse of personal information that is no longer needed or relevant. Outsourcing data destruction service can be convenient and cost-effective for an organization that does not have the resources or expertise to perform it in-house. However, outsourcing also involves transferring personal information to a third-party provider that may not have the same level of security or accountability as the organization. Therefore, obtaining a certificate of data destruction from the provider is essential to verify that the data destruction has been performed according to the agreed standards and specifications, and that no copies or backups have been retained by the provider. A certificate of data destruction should include information such as: the date and time of the data destruction; the method and level of the data destruction; the serial numbers or identifiers of the devices or media; the name and signature of the person who performed the data destruction; and any relevant laws or regulations that apply to the data destruction.

CIPM Body of Knowledge (2021), Domain IV: Privacy Program Operational Life Cycle Section B: Protecting Personal Information Subsection 4: Data Retention

CIPM Study Guide (2021), Chapter 8: Protecting Personal Information Section 8.4: Data Retention

CIPM Textbook (2019), Chapter 8: Protecting Personal Information Section 8.4: Data Retention

CIPM Practice Exam (2021), Question 149

Show Answer

asked 22/11/2024

Gilbert Ciepluch

48 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first