Free Preparation Discussions
MENU
IAPP Exam CIPT Topic 2 Question 106 Discussion
Topic #: 2
SCENARIO
Please use the following to answer next question:
EnsureClaim is developing a mobile app platform for managing data used for assessing car accident insurance claims. Individuals use the app to take pictures at the crash site, eliminating the need for a built-in vehicle camera. EnsureClaim uses a third-party hosting provider to store data collected by the app. EnsureClaim customer service employees also receive and review app data before sharing with insurance claim adjusters.
The app collects the following information:
First and last name
Date of birth (DOB)
Mailing address
Email address
Car VIN number
Car model
License plate
Insurance card number
Photo
Vehicle diagnostics
Geolocation
All of the following technical measures can be implemented by EnsureClaim to protect personal information that is accessible by third-parties EXCEPT?
While encryption, access controls, and multi-factor authentication are all technical measures that can protect personal information, de-identification specifically refers to the process of removing or modifying personal data so that individuals cannot be readily identified. Since EnsureClaim needs to provide personal data to third parties (such as insurance claim adjusters) for specific purposes (e.g., claim assessment), de-identification would not be appropriate as these third parties require access to identifiable information to perform their roles effectively.
IAPP Certification Textbooks, particularly the sections on data protection measures and the limitations of de-identification.
'Anonymization and Pseudonymization,' IAPP Privacy Handbook.
Currently there are no comments in this discussion, be the first to comment!