Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

IAPP CIPP/C Exam - Topic 2 Question 69 Discussion

Actual exam question for IAPP's CIPP/C exam
Question #: 69
Topic #: 2
[All CIPP/C Questions]

A federally regulated company based in Ontario has customers in Ontario, Quebec, New Brunswick, Alberta and British Columbi

a. Unfortunately, a third-party vendor that provides marketing support to the company experiences a privacy breach which impacts the personal information of all its customers across the provinces where it operates.

The Privacy Officer determines that the breach causes a real risk of significant harm to their customers and is tasked with reporting the breach to the relevant regulators.

With which provincial privacy regulators does the company have to file a report?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Rosendo at Nov 24, 2025, 06:59 AM

Limited Time Offer

25%

Off

Get Premium CIPP/C Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Catrice
18 days ago
Exactly, Yasuko! Better safe than sorry!
upvoted 0 times
...
Yasuko
23 days ago
I feel B is safest. Protect all customers.
upvoted 0 times
...
Broderick
29 days ago
No way, Sylvia! Privacy laws vary by province.
upvoted 0 times
...
Sylvia
1 month ago
But isn't it A? Federally regulated means no need to report.
upvoted 0 times
...
Tamera
1 month ago
I agree, all provinces matter here.
upvoted 0 times
...
Justine
1 month ago
I’m not so sure about that, seems like a gray area to me.
upvoted 0 times
...
Virgilio
2 months ago
Totally agree with Youlanda, all provinces should be notified.
upvoted 0 times
...
Johanna
2 months ago
Wait, really? I thought they had to notify everyone affected!
upvoted 0 times
...
Florinda
2 months ago
Actually, they’re federally regulated, so no need to report.
upvoted 0 times
...
Catina
3 months ago
B) All of the provinces where its customers are located. Yep, that's what I was thinking too. Gotta cover all your bases.
upvoted 0 times
...
Tracey
3 months ago
A) It is unnecessary to file a report with any provinces because the company is federally regulated. Haha, nice try, but I don't think that's how it works.
upvoted 0 times
...
Edda
3 months ago
D) Quebec and Alberta only. Hmm, I'm not sure about this one. Doesn't the company have to report to all the provinces where it has customers?
upvoted 0 times
...
Eun
3 months ago
C) New Brunswick and British Columbia only. Those are the only two provinces mentioned that have their own privacy regulators, right?
upvoted 0 times
...
Nu
3 months ago
B) All of the provinces where its customers are located. Seems like the obvious choice to me.
upvoted 0 times
...
Christiane
3 months ago
I have a vague recollection that New Brunswick and British Columbia have specific rules, but I can't remember if they are the only ones that need to be notified.
upvoted 0 times
...
Lajuana
4 months ago
I practiced a similar question where a company had to report to multiple provinces, so I feel like the answer is B for this one too.
upvoted 0 times
...
Johanna
4 months ago
I'm not entirely sure, but I think the answer might be A because they are federally regulated, right?
upvoted 0 times
...
Sharan
4 months ago
Based on the information provided, I'm leaning towards option B. The company has customers in multiple provinces, so it seems like they'd need to report to all of those provincial regulators.
upvoted 0 times
...
Diane
4 months ago
I'm a bit confused on the differences between federal and provincial privacy laws. I'll need to refresh my memory on that before attempting to answer.
upvoted 0 times
...
Micah
4 months ago
I think the key here is figuring out which provinces have jurisdiction over the company's privacy practices. That should guide which regulators need to be notified.
upvoted 0 times
...
Anglea
5 months ago
I remember studying that federally regulated companies still have to comply with provincial privacy laws, so I think they might need to report to all provinces.
upvoted 0 times
...
Youlanda
5 months ago
I think they need to report to all provinces where customers are.
upvoted 0 times
...
Kasandra
5 months ago
This is tricky! I think it's B.
upvoted 0 times
...
Remona
5 months ago
Okay, let's see. The company is federally regulated, but the breach impacts customers across multiple provinces. I wonder if that changes the reporting requirements.
upvoted 0 times
...
Cristy
6 months ago
Hmm, this is a tricky one. I'll need to carefully review the details about federal and provincial privacy regulations.
upvoted 0 times
Chauncey
3 days ago
C and D don’t make sense. They can’t just ignore some provinces.
upvoted 0 times
...
Lemuel
8 days ago
I’m leaning towards B too. Customers are in multiple provinces.
upvoted 0 times
...
Lashaun
13 days ago
But isn’t it A? They’re federally regulated.
upvoted 0 times
...
Garry
5 months ago
I think it’s B. They need to report to all provinces.
upvoted 0 times
...
...

Save Cancel