CIPP-US · Question #92
CIPP-US Question #92: Real Exam Question with Answer & Explanation
The correct answer is B. If the job candidates' credit card information and the encryption keys were among the information. Under the California Consumer Privacy Act (CCPA), a business that collects personal information of California residents must notify them of a data breach if their personal information is subject to unauthorized access and exfiltration, theft, or disclosure as a result of the busi
Question
Options
- AIf law enforcement has completed its investigation and has authorized Privacy Is Hiring Inc. to
- BIf the job candidates' credit card information and the encryption keys were among the information
- CIf Privacy Is Hiring Inc., reasonably believes that job candidates will be harmed by the data
- DIf the personal information stolen included the individuals' names and credit card pin numbers.
Explanation
Under the California Consumer Privacy Act (CCPA), a business that collects personal information of California residents must notify them of a data breach if their personal information is subject to unauthorized access and exfiltration, theft, or disclosure as a result of the business's violation of the duty to implement and maintain reasonable security procedures and practices. However, the CCPA excludes encrypted or redacted personal information from the definition of personal information, unless the encryption key or security credential is also compromised. Therefore, Privacy Is Hiring Inc. would need to notify the affected individuals only if the encryption keys were also taken along with the credit card information, as this would render the encryption ineffective and expose the personal information to unauthorized access.
Community Discussion
No community discussion yet for this question.