IAPP CIPP/US Exam - Topic 8 Question 15 Discussion

Actual exam question for IAPP's CIPP/US exam

Question #: 15
Topic #: 8

Which of the following statements is most accurate in regard to data breach notifications under federal and

state laws:

AYou must notify the Federal Trade Commission (FTC) in addition to affected individuals if over 500 individuals are receiving notice.

BWhen providing an individual with required notice of a data breach, you must identify what personal information was actually or likely compromised.

CWhen you are required to provide an individual with notice of a data breach under any state's law, you must provide the individual with an offer for free credit monitoring.

DThe only obligations to provide data breach notification are under state law because currently there is no federal law or regulation requiring notice for the breach of personal information.

Show Suggested Answer

Suggested Answer: B

by Estrella at May 06, 2022, 10:16 AM

Limited Time Offer

25%

Off

Get Premium CIPP/US Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Tamesha

4 months ago

Wait, no federal law at all? That seems surprising!

upvoted 0 times

...

Willard

5 months ago

D is misleading; there are federal guidelines in place now.

upvoted 0 times

...

Lawrence

5 months ago

C sounds right, but is it mandatory everywhere?

upvoted 0 times

...

Alpha

5 months ago

I think B is the most accurate. You have to specify what was compromised.

upvoted 0 times

...

Rikki

5 months ago

A is true if over 500 people are affected!

upvoted 0 times

...

Lorrie

5 months ago

I feel like I read somewhere that offering free credit monitoring is not always required, so I'm hesitant about option C.

upvoted 0 times

...

Edwin

5 months ago

I think option B sounds familiar because we discussed how important it is to specify what information was compromised in our practice questions.

upvoted 0 times

...

Pearline

5 months ago

I remember studying about the FTC's role in data breaches, but I'm not sure if they always need to be notified.

upvoted 0 times

...

Lavonna

5 months ago

I thought there were some federal guidelines about data breaches, so I'm not convinced that D is entirely accurate.

upvoted 0 times

...

Lavonna

5 months ago

I'm a bit confused on this one. Is it asking about the going concern assumption or something else? I'll have to review my notes to make sure I understand the concepts before answering.

upvoted 0 times

...

Lettie

5 months ago

Option D also looks promising with the Enterprise Communication Strategy and Connected Campus features. I'll need to research those a bit more to see how they could address the requirements.

upvoted 0 times

...

Jerry

5 months ago

Hmm, let me think through this carefully. I want to make sure I understand all the different patching methods before selecting the right ones.

upvoted 0 times

...