Certified Information Privacy Manager (CIPM) — Question 240

What is the Privacy Officer’s first action after being told that her firm is planning to sell its credit card processing business?

Answer options

• A. Perform a Record of Processing Activity (ROPA).
• B. Review technical security controls.
• C. Review contractual obligations.
• D. Review data mapping.

Correct answer: C

Explanation

The Privacy Officer's initial step should be to Review contractual obligations to ensure compliance with existing agreements and legal requirements related to the sale. The other options, while important, pertain to different aspects of data management and security that may come into play after assessing the contractual obligations.