IAPP CIPP-E Exam - Topic 5 Question 80 Discussion

Actual exam question for IAPP's CIPP-E exam

Question #: 80
Topic #: 5

SCENARIO

Please use the following to answer the next question:

Building Block Inc. is a multinational company, headquartered in Chicago with offices throughout the United States, Asia, and Europe (including Germany, Italy, France and Portugal). Last year the company was the victim of a phishing attack that resulted in a significant data breach. The executive board, in coordination with the general manager, their Privacy Office and the Information Security team, resolved to adopt additional security measures. These included training awareness programs, a cybersecurity audit, and use of a new software tool called SecurityScan, which scans employees' computers to see if they have software that is no longer being supported by a vendor and therefore not getting security updates. However, this software also provides other features, including the monitoring of employees' computers.

Since these measures would potentially impact employees, Building Block's Privacy Office decided to issue a general notice to all employees indicating that the company will implement a series of initiatives to enhance information security and prevent future data breaches.

After the implementation of these measures, server performance decreased. The general manager instructed the Security team on how to use SecurityScan to monitor employees' computers activity and their location. During these activities, the Information Security team discovered that one employee from Italy was daily connecting to a video library of movies, and another one from Germany worked remotely without authorization. The Security team reported these incidents to the Privacy Office and the general manager. In their report, the team concluded that the employee from Italy was the reason why the server performance decreased.

Due to the seriousness of these infringements, the company decided to apply disciplinary measures to both employees, since the security and privacy policy of the company prohibited employees from installing software on the company's computers, and from working remotely without authorization.

In addition to notifying employees about the purpose of the monitoring, the potential uses of their data and their privacy rights, what information should Building Block have provided them before implementing the security measures?

AInformation about what is specified in the employment contract.

BInformation about who employees should contact with any queries.

CInformation about how providing consent could affect them as employees.

DInformation about how the measures are in the best interests of the company.

Show Suggested Answer

Suggested Answer: B

by Erinn at Jan 25, 2024, 09:57 PM

Limited Time Offer

25%

Off

Get Premium CIPP-E Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Justine

4 months ago

Not sure if these measures really help or just invade privacy.

upvoted 0 times

...

Cherry

4 months ago

Info about who to contact for questions is a must!

upvoted 0 times

...

Maryanne

4 months ago

Wait, they were monitoring us without clear consent?

upvoted 0 times

...

Gracia

4 months ago

Totally agree, transparency is key!

upvoted 0 times

...

Yasuko

4 months ago

They should've told us how consent affects our jobs.

upvoted 0 times

...

Kenneth

5 months ago

I vaguely recall something about option D, but I'm not convinced that just saying it's in the company's best interest is enough to justify the measures.

upvoted 0 times

...

Ariel

5 months ago

I feel like option C is crucial too; understanding consent implications could really impact how employees view their roles.

upvoted 0 times

...

Amina

5 months ago

I think option B makes sense because employees should know who to reach out to with questions about these new measures.

upvoted 0 times

...

Merilyn

5 months ago

I remember we discussed the importance of transparency in monitoring policies, but I'm not sure if they need to specify employment contract details.

upvoted 0 times

...

Rikki

5 months ago

I agree, the company needed to be more upfront about the purpose and potential uses of the data collected through the SecurityScan tool. Employees should have been informed about their rights and how the monitoring could impact them, not just the general purpose of the security initiatives.

upvoted 0 times

...

Dahlia

5 months ago

Based on the details provided, I think Building Block should have given employees information about how the monitoring and data collection could be used, and what their rights are in terms of consent and privacy. Transparency is important when implementing these types of measures.

upvoted 0 times

...

Lettie

5 months ago

I'm a bit confused about the disciplinary measures taken against the employees. Does that factor into the answer, or is the focus solely on the information that should have been provided upfront?

upvoted 0 times

...

Ettie

5 months ago

This scenario seems complex, with a lot of details about the company's security measures and employee incidents. I'll need to carefully read through it to identify the key information needed to answer the question.

upvoted 0 times

...

Jonell

5 months ago

Okay, the question is asking what additional information Building Block should have provided to employees before implementing the security measures. I think the key is to focus on the employees' privacy rights and how the monitoring could affect them.

upvoted 0 times

...

Ora

6 months ago

The graph shows a linear relationship between outside temperature and number of customers per hour, so I think B is one of the correct answers.

upvoted 0 times

...

Irma

6 months ago

Okay, let me break this down. A rigger is someone who works with ropes and equipment, so it makes sense they would need to wear gloves for safety when climbing. I'm going to go with True on this one.

upvoted 0 times

...

Jules

6 months ago

I'm feeling a little unsure about how to approach the operational variances like material mix and yield. I'll need to review those concepts before attempting to solve the full reconciliation.

upvoted 0 times

...

Gladys

6 months ago

I'm pretty confident the underlined text is wrong. The UPDATE statement is used to modify existing data, not to return a set of data. I'll select "No change is needed" since the question is asking us to determine if the underlined text is correct or not.

upvoted 0 times

...

Ruby

10 months ago

The company should have provided clear information about the monitoring, its scope, and employees' rights. Failing to do so is a violation of privacy and could undermine morale and trust.

upvoted 0 times

...

Chun

10 months ago

Haha, yeah, the employee from Germany must have been pretty confident to work remotely without authorization. Maybe he was just trying to get some sun while the rest of us freeze in the office.

upvoted 0 times

Alberto

9 months ago

He probably didn't realize the security team would catch him.

upvoted 0 times

...

Jenelle

9 months ago

I wonder if he thought he could get away with it.

upvoted 0 times

...

Leana

9 months ago

I know right, that's pretty bold of him to work remotely without permission.

upvoted 0 times

...

Lashonda

10 months ago

If I was the employee from Italy, I'd be furious! Monitoring computer activity without clear notice is a massive breach of trust. No wonder server performance took a hit - the employees were too busy hiding their movie marathons.

upvoted 0 times

Tamie

9 months ago

It's important for employees to know who to contact with any queries regarding the security measures.

upvoted 0 times

...

Wilson

9 months ago

I think the company should have provided information about how providing consent could affect employees as well.

upvoted 0 times

...

Davida

9 months ago

I agree, it's definitely a breach of trust. Employees should have been informed about the monitoring before it was implemented.

upvoted 0 times

...

Cristina

11 months ago

I agree, the company should have been more transparent and given employees a chance to provide informed consent. Hiding the details behind vague 'security' measures is shady.

upvoted 0 times

Rory

10 months ago

C) Information about how providing consent could affect them as employees.

upvoted 0 times

...

Velda

10 months ago

B) Information about who employees should contact with any queries.

upvoted 0 times

...

Emile

10 months ago

A) Information about what is specified in the employment contract.

upvoted 0 times

...

Bea

11 months ago

The company should have provided more detailed information about the monitoring and its impact on employees' privacy before implementing the security measures. Employees have a right to know how their data will be used and what their options are.

upvoted 0 times

Hollis

10 months ago

The company should have explained how the measures are in the best interests of the company to the employees.

upvoted 0 times

...

Weldon

10 months ago

It's important for employees to know who to contact with any queries regarding the security measures.

upvoted 0 times

...

Glenn

10 months ago

They should have also been given information about what is specified in the employment contract.

upvoted 0 times

...

Edgar

11 months ago

Employees should have been informed about how providing consent could affect them as employees.

upvoted 0 times

...

Zita

11 months ago

I believe they should have also informed employees about how providing consent could affect them as employees.

upvoted 0 times

...

Luisa

11 months ago

I agree with you, Louis. Employees need to know what they are agreeing to when they sign the contract.

upvoted 0 times

...

Louis

11 months ago

I think the company should have provided information about what is specified in the employment contract.

upvoted 0 times

...

Annalee

11 months ago

I also believe that employees should have been informed about how providing consent could affect them as employees. It's important for transparency and trust.

upvoted 0 times

...

Leota

11 months ago

I agree with you, Cherrie. Employees need to know what they are agreeing to and what is expected of them according to their contract.

upvoted 0 times

...

Cherrie

11 months ago

I think the company should have provided information about what is specified in the employment contract before implementing the security measures.

upvoted 0 times

...