CIPP-E Exam QuestionsBrowse all questions from this exam
Go to Exam

CIPP-E Exam - Question 52

SCENARIO -

Please use the following to answer the next question:

Building Block Inc. is a multinational company, headquartered in Chicago with offices throughout the United States, Asia, and Europe (including Germany, Italy, France and Portugal). Last year the company was the victim of a phishing attack that resulted in a significant data breach. The executive board, in coordination with the general manager, their Privacy Office and the Information Security team, resolved to adopt additional security measures. These included training awareness programs, a cybersecurity audit, and use of a new software tool called SecurityScan, which scans employees’ computers to see if they have software that is no longer being supported by a vendor and therefore not getting security updates. However, this software also provides other features, including the monitoring of employees’ computers.

Since these measures would potentially impact employees, Building Block’s Privacy Office decided to issue a general notice to all employees indicating that the company will implement a series of initiatives to enhance information security and prevent future data breaches.

After the implementation of these measures, server performance decreased. The general manager instructed the Security team on how to use SecurityScan to monitor employees’ computers activity and their location. During these activities, the Information Security team discovered that one employee from Italy was daily connecting to a video library of movies, and another one from Germany worked remotely without authorization. The Security team reported these incidents to the Privacy Office and the general manager. In their report, the team concluded that the employee from Italy was the reason why the server performance decreased.

Due to the seriousness of these infringements, the company decided to apply disciplinary measures to both employees, since the security and privacy policy of the company prohibited employees from installing software on the company’s computers, and from working remotely without authorization.

What would be the MOST APPROPRIATE way for Building Block to handle the situation with the employee from Italy?

Show Answer
Correct Answer: C

The employee was not informed that the security measures would be used for purposes such as monitoring, which could present significant difficulty for the company in applying disciplinary measures. Transparency and proper notification are fundamental requirements under data protection regulations like GDPR, and failure to comply with these requirements can restrict the employer's ability to enforce disciplinary actions based on improperly communicated monitoring activities.

Discussion

4 comments
Sign in to comment
ZeroStaticOption: C
Apr 1, 2023

The official sample resources mention C as the correct answer. :' )

mummifier2023Option: C
Oct 4, 2023

any monitoring of employees is considered to be intrusive, but there are degrees of intrusiveness. That's why WP29 has stated that prevention is more important than detection.It is recomended to employers to explore other options before monitoring. In this case, the employer failed to comply with the transparency requirement and for that reason, could face trouble taking disciplinary actions, especially because an employee does not loose its right to privacy in the work place. Correct response C

YNWA67Option: C
Feb 26, 2024

The correct answer is C. This is the from the Official IAPP practice exam.

SecurmecOption: C
Sep 4, 2023

Local labor laws or company rules may determine when an employee can be dismissed. This is not convered by GDPR. So for me "D" cannot be the right answer.