IAPP Exam CIPP-C Topic 5 Question 21 Discussion

Actual exam question for IAPP's CIPP-C exam

Question #: 21
Topic #: 5

A small commercial business in Canada was preparing a mailing to its customers when the letters and the envelopes were mismatched, causing 500 of 1000 letters to be sent to the wrong recipients. The letters contained the name and mailing address of the clients as well as account numbers and account balances.

The business has discovered this error as clients called to report receiving the wrong letter and expressing concern that their information has been breached. Which of the following is the most appropriate next step to take?

AAll 1000 clients must be sent new letters.

BThe 500 clients who were impacted must be immediately notified.

CThe Office of the Privacy Commissioner (OPC) must be immediately notified.

DA risk assessment must be completed to determine the real risk of significant harm (RROSH) to the clients.

Show Suggested Answer

Suggested Answer: C

by Cherry at Feb 04, 2023, 09:43 PM

Limited Time Offer

25%

Off

Get Premium CIPP-C Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Felton

11 hours ago

Hmm, I'd say option D is the way to go. Gotta assess the risk before taking any action, right? Can't just jump the gun without knowing the full scope of the issue.

upvoted 0 times

...