Certified Chief Information Security Officer (CCISO) — Question 64
An organization licenses and uses personal information for business operations, and a server containing that information has been compromised.
What kind of law would require notifying the owner or licensee of this incident?
Answer options
- A. Consumer right disclosure
- B. Data breach disclosure
- C. Special circumstance disclosure
- D. Security incident disclosure
Correct answer: B
Explanation
The correct answer is B, Data breach disclosure, as it specifically pertains to notifying affected individuals when their personal information has been compromised. The other options do not directly address the obligation to notify in the event of a data breach involving personal information.