Exam CIPM All QuestionsBrowse all questions from this exam
Go to Exam
Question 207

SCENARIO -

Please use the following to answer the next question:

Today is your first day at a fast growing international real estate firm headquartered in New York, with offices in Canada and Germany. You are the firm's first ever privacy officer.

While touring the office to meet your new colleagues and learn the layout of the office, you notice piles of printing jobs left on the printer in the copy room. You also note a recycle bin and garbage can near the printers. With a quick glance, you see a completed loan application form print out with applicant name, social security number and home address lying in the recycle bin. You make a note to follow up immediately.

You are then introduced to the head of IT who gives you a warm welcome and explains his star project this year - enterprise CRM (Customer Relationship Management) mobility. He is very proud that he is leading this innovation that allows firm-wide employees to access the existing CRM database remotely from anywhere on the Internet. The business value of this mobility initiative is significant. Since he doesn't have internal web development expertise, he outsourced the development work to a small IT firm in New York that has just successfully delivered another IT initiative for the company.

After the tour you start working on a plan based on your observations. One immediate action is to schedule a meeting with the head of IT to discuss the CRM mobility project.

All of the following would address your concern of the printer room EXCEPT?

    Correct Answer: B

    To address the main concern in the printer room, which is the improper disposal of sensitive documents, immediate actions should be taken to ensure secure disposal methods are implemented. This can include placing a shredder in the room, putting up reminders to shred documents, and enforcing a policy for paper record destruction. Initiating a Privacy Impact Assessment (PIA) does not directly address the immediate issue of secure document disposal in the printer room; it is more suited for evaluating broader privacy risks associated with new projects or systems, such as the CRM mobility project.

Discussion
CockOption: C

The option that does not address the concern of the printer room is: B. Initiating a Privacy Impact Assessment (PIA). While a Privacy Impact Assessment (PIA) is an important tool to assess the potential privacy risks and impacts of a project or initiative, it does not directly address the immediate concern of the printer room. A PIA would be more relevant and applicable when evaluating the privacy implications of the CRM mobility project or any other new information system or data processing activity within the organization.

thecheaterzOption: B

a PIA will not help with paper shredding awareness

MaritzTeeOption: B

B. Initiating a Privacy Impact Assessment (PIA). While a Privacy Impact Assessment (PIA) is an important tool to assess the potential privacy risks and impacts of a project or initiative, it does not directly address the immediate concern of the printer room. A PIA would be more relevant and applicable when evaluating the privacy implications of the CRM mobility project or any other new information system or data processing activity within the organization. B. Initiating a Privacy Impact Assessment (PIA). While a Privacy Impact Assessment (PIA) is an important tool to assess the potential privacy risks and impacts of a project or initiative, it does not directly address the immediate concern of the printer room. A PIA would be more relevant and applicable when evaluating the privacy implications of the CRM mobility project or any other new information system or data processing activity within the organization.

SsouravOption: C

Hanging a poster reminding users to shred paper would not address your concern of the printer room. The other options would all help to address the privacy concerns with the printer room: Placing a paper shredder in the printer room would allow employees to easily shred sensitive documents before disposing of them in the recycle bin or garbage can. Initiating a Privacy Impact Assessment (PIA) would help to identify and assess the privacy risks associated with the printer room and develop mitigation strategies. Implementing a new paper record destruction policy would ensure that sensitive paper records are destroyed in a secure manner.