Exam CIPM
Question 208

SCENARIO -

Please use the following to answer the next question:

Today is your first day at a fast-growing international real estate firm headquartered in New York, with offices in Canada and Germany. You are the firm's first-ever privacy officer.

While touring the office to meet your new colleagues and learn the layout of the office, you notice piles of printing jobs left on the printer in the copy room. You also note a recycle bin and garbage can near the printers. With a quick glance, you see a completed loan application form printout with applicant name, social security number and home address lying in the recycle bin. You make a note to follow up immediately.

You are then introduced to the head of IT who gives you a warm welcome and explains his star project this year - enterprise CRM (Customer Relationship Management) mobility. He is very proud that he is leading this innovation that allows firm-wide employees to access the existing CRM database remotely from anywhere on the Internet. The business value of this mobility initiative is significant. Since he doesn't have internal web development expertise, he outsourced the development work to a small IT firm in New York that has just successfully delivered another IT initiative for the company.

After the tour you start working on a plan based on your observations. One immediate action is to schedule a meeting with the head of IT to discuss the CRM mobility project.

While reviewing the contract with the firm the CRM mobility project was outsourced to, all of the following should be mandatory EXCEPT?

    Correct Answer: D

    When reviewing a contract for an outsourced CRM mobility project, it is essential to include provisions that directly address data security and privacy concerns. Right to audit ensures that you can verify compliance with security and privacy practices. Breach notification requires the outsourced firm to inform you promptly in case of a data breach. Security commitment specifies the measures the firm will take to protect the data. While Service Level Agreements (SLAs) are important for defining the level of service expected from the outsourced firm, they focus on performance metrics rather than directly addressing privacy and security concerns.

Discussion
thecheaterz (Option: D)

SLAs are common in contracts, but when it comes to a DPA, audit, breach and security commitments make more sense.

rhyst1921 (Option: D)

While SLAs are important for defining the level of service expected from the outsourced firm, they might not directly address data security and privacy concerns.

DPRamone (Option: C)

A, B, and D are quantifiable, verifiable, and enforceable. C is not.

Cock (Option: A)

A? Maybe