IAPP CIPM Exam - Topic 6 Question 97 Discussion

Actual exam question for IAPP's CIPM exam

Question #: 97
Topic #: 6

A systems audit uncovered a shared drive folder containing sensitive employee data with no access controls and therefore was available for all employees to view. What is the first step to mitigate further risks?

ANotify all employees whose information was contained in the file.

BCheck access logs to see who accessed the folder.

CNotify legal counsel of a privacy incident.

DRestrict access to the folder.

Show Suggested Answer

Suggested Answer: D

by Kristel at Apr 13, 2026, 04:24 AM

Limited Time Offer

25%

Off

Get Premium CIPM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Katlyn

Definitely D, restricting access is crucial!

upvoted 0 times

...

Chanel

14 days ago

I agree with restricting access first, but I wonder if notifying employees is also necessary. It feels like there are multiple layers to consider here.

upvoted 0 times

...

Rosalia

19 days ago

I practiced a similar question where we had to assess risks. I feel like checking access logs could help understand the impact, but it might not be the immediate step.

upvoted 0 times

...

Jarvis

24 days ago

I'm not entirely sure, but I remember something about notifying legal counsel being important in these situations. Maybe that's a priority too?

upvoted 0 times

...

Vernice

29 days ago

I think the first step should be to restrict access to the folder. It seems like a basic security measure to prevent further exposure.

upvoted 0 times

...