Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

IAPP CIPM Exam - Topic 7 Question 58 Discussion

Actual exam question for IAPP's CIPM exam
Question #: 58
Topic #: 7
[All CIPM Questions]

Your company provides a SaaS tool for B2B services and does not interact with individual consumers. A client's current employee reaches out with a right to delete request. what is the most appropriate response?

Show Suggested Answer Hide Answer
Suggested Answer: B

If your organization provides a SaaS tool for B2B services and does not interact with individual consumers, and a client's current employee reaches out with a right to delete request, the most appropriate response is to redirect the individual back to their employer to understand their rights and how this might impact access to company tools. This is because your organization is acting as a processor for the client, who is the controller of the employee's personal dat

a. The controller is responsible for determining the purposes and means of processing personal data, as well as responding to data subject requests. The processor should only process personal data on behalf of and in accordance with the instructions of the controller.Therefore, you should not forward the request to the client, process the request without consulting the client, or deny the request based on business contact information being exempt from privacy rights laws1,2.Reference:CIPM - International Association of Privacy Professionals,Free CIPM Study Guide - International Association of Privacy Professionals


by Corinne at Feb 07, 2024, 06:24 AM

Limited Time Offer

25%

Off

Get Premium CIPM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Jesusa
4 months ago
Option D is misleading, there are privacy laws that might apply.
upvoted 0 times
...
Golda
4 months ago
Wait, can we really just ignore their request? Sounds sketchy.
upvoted 0 times
...
Katina
4 months ago
Option B seems more appropriate, they should go through their employer.
upvoted 0 times
...
Titus
4 months ago
Totally agree, gotta check with the client first!
upvoted 0 times
...
Sabra
4 months ago
I think option A is the best way to handle this.
upvoted 0 times
...
Mabelle
5 months ago
I recall that business data is often treated differently under privacy laws, so option D might be correct, but I’m not completely confident about it.
upvoted 0 times
...
Cora
5 months ago
I practiced a similar question where we had to consider the implications of data deletion. Processing the request without confirmation seems risky, right?
upvoted 0 times
...
Pete
5 months ago
I’m not entirely sure, but I feel like redirecting the individual back to their employer could be a good way to handle it. It seems like the right approach.
upvoted 0 times
...
Cathern
5 months ago
I think I remember that we should always verify the authority of the requester, so maybe forwarding it to the client contact is the safest option?
upvoted 0 times
...
Isreal
5 months ago
I've got this one! The best approach is to forward the request to the client contact and let them guide us on how to proceed. That way we're covering our bases.
upvoted 0 times
...
Margurite
5 months ago
Okay, I think the key here is to understand the client's policies and procedures around data privacy. We'll want to make sure we're handling this request properly.
upvoted 0 times
...
Jeannetta
5 months ago
This seems like a tricky one. I'll need to think carefully about the implications of each response option.
upvoted 0 times
...
Dexter
5 months ago
Hmm, I'm a bit confused here. I'm not sure if we can just process the request or if we need to involve the client contact.
upvoted 0 times
...
Arthur
6 months ago
I'm a little confused by this question. There are a few different Dynamics 365 options listed, and I'm not sure which one would be the best fit. I'd probably need to do some research on the capabilities of each one to determine the right solution for the company's needs.
upvoted 0 times
...
Shanda
6 months ago
This seems like a straightforward question about report creation in Office. Based on the information provided, I think the Blank Report option is the way to go to create a new report in the Design view. I'm feeling confident about this one.
upvoted 0 times
...
Marjory
6 months ago
Okay, let me think this through. The company wants a legal obligation for the exchange rate, but also a separation from the underlying transaction. I'm leaning towards a forward contract, as that seems to match the requirements the best.
upvoted 0 times
...
Bambi
6 months ago
Okay, I think I've got this. The data represents counts of calls, so it's discrete and not continuous. That means it's likely a categorical variable. I'll go with option A.
upvoted 0 times
...
Joesph
6 months ago
No problem, I've got this. The mean is 900 Kelvin and the standard deviation is 54, so the coefficient of variation is 54 / 900 = 0.06 or 6%.
upvoted 0 times
...
Vilma
2 years ago
I think in that case we should follow option D and explain our position regarding privacy rights.
upvoted 0 times
...
Jade
2 years ago
But what if the client's contact doesn't respond? Should we just delete the data?
upvoted 0 times
...
Nadine
2 years ago
I agree with Pansy. The client should have the final say on this matter.
upvoted 0 times
...
Pansy
2 years ago
I think we should forward the request to the client's contact. It's their data after all.
upvoted 0 times
...

Save Cancel