IAPP Exam CIPP/C Topic 5 Question 21 Discussion

Actual exam question for IAPP's CIPP/C exam

Question #: 21
Topic #: 5

A small commercial business in Canada was preparing a mailing to its customers when the letters and the envelopes were mismatched, causing 500 of 1000 letters to be sent to the wrong recipients. The letters contained the name and mailing address of the clients as well as account numbers and account balances.

The business has discovered this error as clients called to report receiving the wrong letter and expressing concern that their information has been breached. Which of the following is the most appropriate next step to take?

AAll 1000 clients must be sent new letters.

BThe 500 clients who were impacted must be immediately notified.

CThe Office of the Privacy Commissioner (OPC) must be immediately notified.

DA risk assessment must be completed to determine the real risk of significant harm (RROSH) to the clients.

Show Suggested Answer

Suggested Answer: C

by Cherry at Feb 04, 2023, 09:43 PM

Limited Time Offer

25%

Off

Get Premium CIPP/C Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Jimmie

1 months ago

Alright, time to play 'Privacy Police' and get the OPC on the case. Option C all the way, no question about it. Gotta cover those bases, am I right?

upvoted 0 times

...

Ruthann

1 months ago

Chloe

upvoted 0 times

...

Golda

1 months ago

All 1000 clients getting new letters? That's overkill, man. Just send the 500 who got the wrong ones and be done with it. Option B is the way to go.

upvoted 0 times

Tracie

6 days ago

Sending new letters to all 1000 clients seems excessive.

upvoted 0 times

...

Brittney

9 days ago

I agree, notifying the 500 impacted clients is the most important step.

upvoted 0 times

...

Marguerita

2 months ago

The Office of the Privacy Commissioner? Definitely gotta bring them in on this one. Option C is the responsible choice here, no doubt.

upvoted 0 times

Sheridan

2 days ago

I agree, notifying the Office of the Privacy Commissioner is crucial in this situation.

upvoted 0 times

...

Carisa

3 days ago

The 500 impacted clients need to be informed as soon as possible to address their concerns.

upvoted 0 times

...

Nana

5 days ago

A risk assessment should definitely be done to understand the potential harm to the clients.

upvoted 0 times

...

Jesusita

11 days ago

Sending new letters to all 1000 clients might be necessary to ensure their information is secure.

upvoted 0 times

...

Johana

13 days ago

A risk assessment should definitely be done to assess the potential harm to the clients.

upvoted 0 times

...

Stephania

20 days ago

I agree, notifying the Office of the Privacy Commissioner is crucial in this situation.

upvoted 0 times

...

Denae

20 days ago

Sending new letters to all 1000 clients might be necessary to ensure all affected are informed.

upvoted 0 times

...

Henriette

1 months ago

I agree, notifying the Office of the Privacy Commissioner is crucial in this situation.

upvoted 0 times

...

Kyoko

2 months ago

500 clients impacted? Yikes, that's a lot! I'd go with option B - those folks need to know ASAP that their info got messed up. They'll want to be on top of that, for sure.

upvoted 0 times

Ulysses

2 months ago

Definitely, it's important to keep them informed about what happened.

upvoted 0 times

...

Twila

2 months ago

I agree, those 500 clients need to be notified right away.

upvoted 0 times

...

Felton

2 months ago

Hmm, I'd say option D is the way to go. Gotta assess the risk before taking any action, right? Can't just jump the gun without knowing the full scope of the issue.

upvoted 0 times

...