New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

IAPP CIPP/C Exam - Topic 2 Question 69 Discussion

Actual exam question for IAPP's CIPP/C exam
Question #: 69
Topic #: 2
[All CIPP/C Questions]

A federally regulated company based in Ontario has customers in Ontario, Quebec, New Brunswick, Alberta and British Columbi

a. Unfortunately, a third-party vendor that provides marketing support to the company experiences a privacy breach which impacts the personal information of all its customers across the provinces where it operates.

The Privacy Officer determines that the breach causes a real risk of significant harm to their customers and is tasked with reporting the breach to the relevant regulators.

With which provincial privacy regulators does the company have to file a report?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Rosendo at Nov 24, 2025, 06:59 AM

Limited Time Offer

25%

Off

Get Premium CIPP/C Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Johanna
16 days ago
Wait, really? I thought they had to notify everyone affected!
upvoted 0 times
...
Florinda
21 days ago
Actually, they’re federally regulated, so no need to report.
upvoted 0 times
...
Catina
26 days ago
B) All of the provinces where its customers are located. Yep, that's what I was thinking too. Gotta cover all your bases.
upvoted 0 times
...
Tracey
1 month ago
A) It is unnecessary to file a report with any provinces because the company is federally regulated. Haha, nice try, but I don't think that's how it works.
upvoted 0 times
...
Edda
1 month ago
D) Quebec and Alberta only. Hmm, I'm not sure about this one. Doesn't the company have to report to all the provinces where it has customers?
upvoted 0 times
...
Eun
1 month ago
C) New Brunswick and British Columbia only. Those are the only two provinces mentioned that have their own privacy regulators, right?
upvoted 0 times
...
Nu
2 months ago
B) All of the provinces where its customers are located. Seems like the obvious choice to me.
upvoted 0 times
...
Christiane
2 months ago
I have a vague recollection that New Brunswick and British Columbia have specific rules, but I can't remember if they are the only ones that need to be notified.
upvoted 0 times
...
Lajuana
2 months ago
I practiced a similar question where a company had to report to multiple provinces, so I feel like the answer is B for this one too.
upvoted 0 times
...
Johanna
2 months ago
I'm not entirely sure, but I think the answer might be A because they are federally regulated, right?
upvoted 0 times
...
Sharan
2 months ago
Based on the information provided, I'm leaning towards option B. The company has customers in multiple provinces, so it seems like they'd need to report to all of those provincial regulators.
upvoted 0 times
...
Diane
2 months ago
I'm a bit confused on the differences between federal and provincial privacy laws. I'll need to refresh my memory on that before attempting to answer.
upvoted 0 times
...
Micah
3 months ago
I think the key here is figuring out which provinces have jurisdiction over the company's privacy practices. That should guide which regulators need to be notified.
upvoted 0 times
...
Anglea
3 months ago
I remember studying that federally regulated companies still have to comply with provincial privacy laws, so I think they might need to report to all provinces.
upvoted 0 times
...
Youlanda
3 months ago
I think they need to report to all provinces where customers are.
upvoted 0 times
...
Kasandra
3 months ago
This is tricky! I think it's B.
upvoted 0 times
...
Remona
4 months ago
Okay, let's see. The company is federally regulated, but the breach impacts customers across multiple provinces. I wonder if that changes the reporting requirements.
upvoted 0 times
...
Cristy
4 months ago
Hmm, this is a tricky one. I'll need to carefully review the details about federal and provincial privacy regulations.
upvoted 0 times
Garry
3 months ago
I think it’s B. They need to report to all provinces.
upvoted 0 times
...
...

Save Cancel