IAPP CIPP/US Exam - Topic 2 Question 13 Discussion

Actual exam question for IAPP's CIPP/US exam

Question #: 13
Topic #: 2

Privacy Is Hiring Inc., a CA-based company, is an online specialty recruiting firm focusing on placing privacy professionals in roles at major companies. Job candidates create online profiles

outlining their experience and credentials, and can pay $19.99/month via credit card to have their profiles promoted to potential employers. Privacy Is Hiring Inc. keeps all customer data at rest encrypted on its servers.

Under what circumstances would Privacy Is Hiring Inc., need to notify affected individuals in the event of a data breach?

AIf law enforcement has completed its investigation and has authorized Privacy Is Hiring Inc. to provide the notification to clients and applicable regulators.

BIf the job candidates' credit card information and the encryption keys were among the information taken.

CIf Privacy Is Hiring Inc., reasonably believes that job candidates will be harmed by the data breach.

DIf the personal information stolen included the individuals' names and credit card pin numbers.

Show Suggested Answer

Suggested Answer: D

by Sharika at May 07, 2022, 08:25 PM

Limited Time Offer

25%

Off

Get Premium CIPP/US Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Gilberto

4 months ago

D is surprising, why would they keep PINs?

upvoted 0 times

...

Micaela

5 months ago

A seems too vague, they should notify regardless.

upvoted 0 times

...

Willard

5 months ago

Wait, they encrypt everything, right? How could it get breached?

upvoted 0 times

...

Donette

5 months ago

I think C makes sense too, harm is subjective.

upvoted 0 times

...

Bong

5 months ago

Definitely B, credit card info is a big deal!

upvoted 0 times

...

Lelia

5 months ago

I practiced a similar question where the focus was on the type of data breached. I think option D could also be relevant if sensitive information like PINs is involved.

upvoted 0 times

...

Leota

5 months ago

I'm not entirely sure, but I feel like option B could be a strong reason to notify since it mentions credit card info and encryption keys being compromised.

upvoted 0 times

...

Emily

5 months ago

I remember studying about data breach notification laws, and I think option C makes sense because if they believe candidates could be harmed, they should notify them.

upvoted 0 times

...

Carissa

5 months ago

I’m a bit confused about option A. I thought notifications were usually required regardless of law enforcement's involvement, but maybe I’m misremembering?

upvoted 0 times

...

Tresa

5 months ago

I think the purpose of the IASB's conceptual framework is to provide information about economic entities that is useful in making economic decisions, so I'll go with option A.

upvoted 0 times

...

Katie

5 months ago

I think the key here is to focus on the factors that are directly related to the compensation strategy, rather than peripheral elements. I'll eliminate the options that don't fit that criteria.

upvoted 0 times

...

Gilma

5 months ago

Okay, I've got a good feeling about this one. The key is understanding the difference between the agent states and how they transition between them. I'm confident I can figure out the right answer.

upvoted 0 times

...