Certified Information Privacy Manager (CIPM) — Question 183

Your company provides a SaaS tool for B2B services and does not interact with individual consumers. A client's current employee reaches out with a right to delete request, what is the most appropriate response?

Answer options

• A. Forward the request to the contact on file for the client asking them how they would like you to proceed.
• B. Redirect the individual back to their employer to understand their rights and how this might impact access to company tools.
• C. Process the request assuming that the individual understands the implications to their organization if their information is deleted.
• D. Explain you are unable to process the request because business contact information and associated data is not covered under privacy rights laws.

Correct answer: B

Explanation

The correct response is B because it directs the employee to their employer, which is essential in a B2B context where the organization holds the rights to the employee's data. Option A does not directly address the employee's request or clarify their rights, while C assumes the individual understands the broader implications, and D incorrectly states that business data is not covered under privacy laws, which can vary based on jurisdiction.