Certified Information Privacy Manager (CIPM) — Question 169
You're managing the internal privacy mailbox and are notified that a sales team member recently sent emails to their clients that included an Excel spreadsheet of their client data. They just realized that the spreadsheet only hid the data of other clients and was not deleted. How do you respond?
Answer options
- A. Confirm they have deleted the spreadsheet and requested all clients to do the same.
- B. Ask what type of data was included on the spreadsheet and trigger an incident notice.
- C. Ask them to send you the spreadsheet and advise them to notify the clients' cyber security team.
- D. Confirm how many people received the spreadsheet and advise the employee to keep this issue to themselves.
Correct answer: B
Explanation
The correct answer is B because it is essential to understand the nature of the data that was exposed in order to assess the risk and respond appropriately. Option A does not address the need for an incident report, C does not ensure proper investigation and reporting, and D encourages secrecy instead of transparency, which is not advisable in such cases.