Certified Information Privacy Manager (CIPM) — Question 221

In regards to the collection of personal data conducted by an organization, what must the data subject be allowed to do?

Answer options

• A. Evaluate the qualifications of a third-party processor before any data is transferred to that processor.
• B. Set a time-limit as to how long the personal data may be stored by the organization.
• C. Challenge the authenticity of the personal data and have it corrected if needed.
• D. Obtain a guarantee of prompt notification in instances involving unauthorized access of the data.

Correct answer: C

Explanation

The correct answer is C because data subjects have the right to challenge the accuracy of their personal data and request corrections as part of data protection regulations. Options A, B, and D do not specifically address the rights of individuals to rectify their data, making them incorrect in this context.