CIPT Exam QuestionsBrowse all questions from this exam
Go to Exam

CIPT Exam - Question 82

A privacy engineer reviews a newly developed on-line registration page on a company's website. The purpose of the page is to enable corporate customers to submit a returns / refund request for physical goods. The page displays the following data capture fields: company name, account reference, company address, contact name, email address, contact phone number, product name, quantity, issue description and company bank account details.

After her review, the privacy engineer recommends setting certain capture fields as `non-mandatory`. Setting which of the following fields as `non-mandatory` would be the best example of the principle of data minimization?

Show Answer
Correct Answer: AB

The principle of data minimization aims to ensure that only the data absolutely necessary for a specific purpose is collected and processed. In the context of processing a returns/refund request, the contact phone number is not strictly necessary. The main purpose can be fulfilled with the company name, account reference, company address, contact name, email address, product name, quantity, issue description, and bank account details. The contact phone number can be optional as communication can still be maintained through email, thus minimizing the amount of personally identifiable information collected.

Discussion

7 comments
Sign in to comment
187sanOption: A
Dec 23, 2021

A is the answer

AhplOption: A
Mar 13, 2022

A is a better answer

JPB11Option: D
Apr 13, 2022

This is Privacy right...i.e. individuals....A is not the right answer

StantsOption: A
Feb 27, 2024

The best example of applying the principle of data minimization in this scenario would be: A. The contact phone number field. Here's why: The contact phone number may not always be necessary for processing return/refund requests. While it can be useful for communication purposes, it may not be essential for every transaction. By making the contact phone number field non-mandatory, the company can reduce the amount of data collected from users, aligning with the principle of data minimization. Other fields like company name, account reference, and product details are likely essential for processing the request and may need to be mandatory to ensure the request is valid and can be efficiently handled. Therefore, making the contact phone number field non-mandatory strikes a balance between collecting necessary information for processing requests and minimizing the collection of potentially unnecessary data.

ChaChaMcGrawOption: C
May 24, 2022

This makes no sense to me. Why is the NAME and ADDRESS of the company who wants the refund not mandatory?

pipzzOption: B
Jul 12, 2022

If account reference is provided then they should not need to provide company name and address because that will be linked to account reference on the customer database.

PaigeH7Option: A
Mar 24, 2024

You don't necessarily have to have the contact number for a refund