Free Preparation Discussions
MENU
IAPP CIPM Exam - Topic 6 Question 51 Discussion
Topic #: 6
SCENARIO
Please use the following to answer the next QUESTION:
Your organization, the Chicago (U.S.)-based Society for Urban Greenspace, has used the same vendor to operate all aspects of an online store for several years. As a small nonprofit, the Society cannot afford the higher-priced options, but you have been relatively satisfied with this budget vendor, Shopping Cart Saver (SCS). Yes, there have been some issues. Twice, people who purchased items from the store have had their credit card information used fraudulently subsequent to transactions on your site, but in neither case did the investigation reveal with certainty that the Society's store had been hacked. The thefts could have been employee-related.
Just as disconcerting was an incident where the organization discovered that SCS had sold information it had collected from customers to third parties. However, as Jason Roland, your SCS account representative, points out, it took only a phone call from you to clarify expectations and the ''misunderstanding'' has not occurred again.
As an information-technology program manager with the Society, the role of the privacy professional is only one of many you play. In all matters, however, you must consider the financial bottom line. While these problems with privacy protection have been significant, the additional revenues of sales of items such as shirts and coffee cups from the store have been significant. The Society's operating budget is slim, and all sources of revenue are essential.
Now a new challenge has arisen. Jason called to say that starting in two weeks, the customer data from the store would now be stored on a data cloud. ''The good news,'' he says, ''is that we have found a low-cost provider in Finland, where the data would also be held. So, while there may be a small charge to pass through to you, it won't be exorbitant, especially considering the advantages of a cloud.''
Lately, you have been hearing about cloud computing and you know it's fast becoming the new paradigm for various applications. However, you have heard mixed reviews about the potential impacts on privacy protection. You begin to research and discover that a number of the leading cloud service providers have signed a letter of intent to work together on shared conventions and technologies for privacy protection. You make a note to find out if Jason's Finnish provider is signing on.
What is the best way to prevent the Finnish vendor from transferring data to another party?
The first stage in the incident response plan under the General Data Protection Regulation (GDPR) for this scenario would be to contain the impact of the breach. This means taking immediate action to stop the unauthorized access or disclosure of personal data, and to prevent it from happening again in the future. This could involve revoking access to the data, notifying the employee who mistakenly sent the data, and implementing security measures to prevent similar breaches from occurring in the future.
Micaela
4 months agoAdelaide
4 months agoVicky
4 months agoShanice
4 months agoFrankie
5 months agoCasie
5 months agoYong
5 months agoAdelle
5 months agoEliz
5 months agoLashawna
5 months agoGerman
5 months agoAudra
5 months agoCeola
5 months agoFannie
5 months agoAudra
6 months agoEric
6 months agoIola
10 months agoTherese
9 months agoSusy
9 months agoIvette
10 months agoRozella
11 months agoLeslee
9 months agoLeslee
9 months agoLeslee
10 months agoTawna
11 months agoRikki
9 months agoNguyet
9 months agoDell
9 months agoGail
10 months agoHarley
11 months agoBarabara
10 months agoAdelina
10 months agoBeckie
10 months agoSuzan
10 months agoHolley
10 months agoSalome
10 months agoMillie
11 months agoAngelica
11 months agoRenea
11 months agoPaulina
12 months ago