New Year Sale ! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

IAPP Exam CIPP-E Topic 3 Question 96 Discussion

Actual exam question for IAPP's CIPP-E exam
Question #: 96
Topic #: 3
[All CIPP-E Questions]

As a Data Protection Officer for a small bank in the European Union, you receive a data subject access request from one of your customers. The customer provides you with his

name, and has used the email address registered in your system.

What would be the most appropriate way to confirm the identity of the customer?

Show Suggested Answer Hide Answer
Suggested Answer: B

According to the CIPP/E study guide, data controllers should use the least intrusive means of verifying the identity of data subjects who make requests under the GDPR. Asking for a copy of an ID document or a bank account statement may be disproportionate and excessive, as they contain more personal data than necessary for authentication. Asking for the bank account number may not be sufficient, as it may be easily obtained by third parties. Therefore, the most appropriate way to confirm the identity of the customer is to ask additional security questions that only the customer would know, such as the date of the last transaction, the amount of the last deposit, or the name of the beneficiary of a recurring payment.


Contribute your Thoughts:

Golda
2 months ago
Haha, imagine if the customer was like, 'My ID? Yeah, I left that at home. Can I just send you a selfie instead?'
upvoted 0 times
...
Goldie
2 months ago
D is the correct answer. A government ID is the most secure way to confirm the customer's identity.
upvoted 0 times
Reyes
2 months ago
Caitlin: Thank you for providing that. Your identity has been confirmed.
upvoted 0 times
...
Caitlin
2 months ago
Sure, here is a copy of my ID.
upvoted 0 times
...
Nell
2 months ago
Can you confirm your identity by providing a copy of your government-issued ID?
upvoted 0 times
...
...
Arlette
2 months ago
Hmm, I don't know. Requesting their bank account number seems a bit too invasive, don't you think?
upvoted 0 times
Stefanie
1 months ago
Xochitl: Agreed, let's go with that.
upvoted 0 times
...
Laila
1 months ago
User 3: That sounds like a better option to confirm the customer's identity.
upvoted 0 times
...
Xochitl
2 months ago
Maybe we can request additional security questions instead.
upvoted 0 times
...
Mariann
2 months ago
I agree, asking for the bank account number is too much.
upvoted 0 times
...
...
Edelmira
3 months ago
I'm not sure, but I think requesting additional security questions could also be a good way to confirm the identity of the customer.
upvoted 0 times
...
Caitlin
3 months ago
B would be my pick. Security questions are a standard practice to verify the customer's identity.
upvoted 0 times
Reid
2 months ago
Agreed. Security questions can help ensure the customer's identity is confirmed.
upvoted 0 times
...
Kenneth
2 months ago
That's a good choice. It's important to have multiple layers of verification.
upvoted 0 times
...
Gianna
2 months ago
B) Request that the customer answer additional security questions.
upvoted 0 times
...
...
Micah
3 months ago
I agree with Madelyn. It's important to verify the identity of the customer before providing any personal data.
upvoted 0 times
...
Sabra
3 months ago
D is the way to go. A government-issued ID is the most reliable way to confirm the customer's identity.
upvoted 0 times
Avery
2 months ago
I agree, requesting a copy of the customer's government-issued ID document is the most secure way to confirm identity.
upvoted 0 times
...
Avery
3 months ago
D is the best option. A government-issued ID is the most reliable way to confirm identity.
upvoted 0 times
...
...
Madelyn
3 months ago
I think the most appropriate way would be to request a copy of the customer's government-issued ID document.
upvoted 0 times
...

Save Cancel