IAPP Exam CIPM Topic 1 Question 78 Discussion

Actual exam question for IAPP's CIPM exam

Question #: 78
Topic #: 1

[All CIPM Questions]

Your company provides a SaaS tool for B2B services and does not interact with individual consumers. A client's current employee reaches out with a right to delete request. what is the most appropriate response?

AForward the request to the contact on file for the client asking them how they would like you to proceed.

BRedirect the individual back to their employer to understand their rights and how this might impact access to company tools.

CProcess the request assuming that the individual understands the implications to their organization if their information is deleted.

DExplain you are unable to process the request because business contact information and associated data is not covered under privacy rights laws.

Show Suggested Answer

Suggested Answer: B

If your organization provides a SaaS tool for B2B services and does not interact with individual consumers, and a client's current employee reaches out with a right to delete request, the most appropriate response is to redirect the individual back to their employer to understand their rights and how this might impact access to company tools. This is because your organization is acting as a processor for the client, who is the controller of the employee's personal dat

a. The controller is responsible for determining the purposes and means of processing personal data, as well as responding to data subject requests. The processor should only process personal data on behalf of and in accordance with the instructions of the controller.Therefore, you should not forward the request to the client, process the request without consulting the client, or deny the request based on business contact information being exempt from privacy rights laws1,2.Reference:CIPM - International Association of Privacy Professionals,Free CIPM Study Guide - International Association of Privacy Professionals

by Rosamond at Jan 12, 2025, 07:29 AM

Limited Time Offer

25%

Off

Get Premium CIPM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Teri

16 days ago

Haha, can you imagine if they just deleted the data? The client would be so mad! B) is definitely the way to go.

upvoted 0 times

...

Latosha

19 days ago

This is a tricky one. I'd be tempted to just delete the data and get it over with, but B) is probably the safest option.

upvoted 0 times

Mona

11 days ago

A) Forward the request to the contact on file for the client asking them how they would like you to proceed.

upvoted 0 times

...

1 months ago

B) Seems like the appropriate response. The individual should work with their employer to understand the implications of deleting their info.

upvoted 0 times

Rolande

1 months ago

D) Explain you are unable to process the request because business contact information and associated data is not covered under privacy rights laws.

upvoted 0 times

...

Helaine

1 months ago

A) Forward the request to the contact on file for the client asking them how they would like you to proceed.

upvoted 0 times

...

Tamar

1 months ago

B) Redirect the individual back to their employer to understand their rights and how this might impact access to company tools.

upvoted 0 times

...