New Year Sale ! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

IAPP Exam CIPP-US Topic 2 Question 63 Discussion

Actual exam question for IAPP's CIPP-US exam
Question #: 63
Topic #: 2
[All CIPP-US Questions]

Which of the following conditions would NOT be sufficient to excuse an entity from providing breach notification under state law?

Show Suggested Answer Hide Answer
Suggested Answer: C

While compliance with the Safeguards Rule helps in preventing breaches and ensuring data security, it does not necessarily exempt an entity from having to provide breach notifications as required by state laws. State breach notification laws typically have their own criteria for when notification is required, which may include factors like the type of data compromised, the potential risk of harm to individuals, and other circumstances surrounding the breach. While following the GLBA Safeguards Rule may demonstrate a commitment to data security, it doesn't automatically override the notification obligations imposed by state laws when a data breach occurs.


Contribute your Thoughts:

Kristel
3 months ago
Encryption, access, procedures... it's like a cybersecurity alphabet soup! I'm just gonna close my eyes and pick one. D sounds good to me.
upvoted 0 times
...
Judy
3 months ago
Wait, are we talking about state law or federal law? This is getting confusing. I'm going to go with C, just to be safe.
upvoted 0 times
Mitsue
1 months ago
Yeah, I'll go with C as well. Better safe than sorry.
upvoted 0 times
...
Marylou
2 months ago
I'm not sure, but I think C is the safest option.
upvoted 0 times
...
Adolph
2 months ago
I agree, it's getting confusing. I'll go with C too.
upvoted 0 times
...
Eric
2 months ago
I think we're talking about state law, not federal law.
upvoted 0 times
...
Yuette
2 months ago
I agree, C seems like the safest option to choose.
upvoted 0 times
...
Noemi
2 months ago
Yeah, it's definitely about state law. I'll go with C too.
upvoted 0 times
...
Markus
2 months ago
I think we're talking about state law, not federal law.
upvoted 0 times
...
...
Ruthann
3 months ago
Haha, the GLBA Safeguards Rule? What is this, a trick question? Clearly the right answer is D, if the entity followed their own internal procedures.
upvoted 0 times
Claribel
2 months ago
Yeah, I agree. That seems like the most logical choice.
upvoted 0 times
...
Anisha
3 months ago
Yeah, that makes sense. It's important to follow your own notification procedures.
upvoted 0 times
...
Gracie
3 months ago
I think the answer is D, if the entity followed internal procedures.
upvoted 0 times
...
Mirta
3 months ago
I think the answer is D, if the entity followed internal procedures.
upvoted 0 times
...
...
Earnestine
3 months ago
That's a good point, maybe we should reconsider our answers.
upvoted 0 times
...
Vanda
4 months ago
Hmm, I'm not so sure about that. Isn't encryption supposed to protect against breaches? I think A might be the right answer.
upvoted 0 times
...
Janna
4 months ago
But wouldn't following internal notification procedures be a sufficient condition to excuse breach notification?
upvoted 0 times
...
Earnestine
4 months ago
I disagree, I believe the correct answer is D) If the entity followed internal notification procedures compatible with state law.
upvoted 0 times
...
Corinne
4 months ago
I'm pretty sure the correct answer is B. If the data was accessed but not exported, that should be enough to avoid breach notification requirements.
upvoted 0 times
Elli
3 months ago
C) If the entity was subject to the GLBA Safeguards Rule.
upvoted 0 times
...
Isadora
3 months ago
B) If the data involved was accessed but not exported.
upvoted 0 times
...
Ressie
3 months ago
A) If the data involved was encrypted.
upvoted 0 times
...
...
Janna
4 months ago
I think the answer is C) If the entity was subject to the GLBA Safeguards Rule.
upvoted 0 times
...

Save Cancel