IAPP CIPP/C Exam - Topic 2 Question 77 Discussion

A small commercial business in Canada was preparing a mailing to its customers when the letters and the envelopes were mismatched, causing 500 of 1000 letters to be sent to the wrong recipients. The letters contained the name and mailing address of the clients as well as account numbers and account balances. The business has discovered this error as clients called to report receiving the wrong letter and expressing concern that their information has been breached. Which of the following is the most appropriate next step to take?

A) All 1000 clients must be sent new letters.
B) The 500 clients who were impacted must be immediately notified.
C) The Office of the Privacy Commissioner (OPC) must be immediately notified.
D) A risk assessment must be completed to determine the real risk of significant harm (RROSH) to the clients.

Actual exam question for IAPP's CIPP/C exam
Question #: 77
Topic #: 2

Suggested Answer: D

Annabelle
1 month ago
I feel like we talked about risk assessments in class, but I’m not sure if that’s the immediate step here. It seems like the clients need to be informed first.
upvoted 0 times
...
Noelia
1 month ago
I’m not entirely sure, but I think we practiced a similar question where we had to consider the legal obligations. Shouldn't the OPC be notified too?
upvoted 0 times
...
Emeline
2 months ago
I remember discussing the importance of notifying affected clients first in case of a data breach, so I think option B might be the right choice.
upvoted 0 times
...
