Certified Information Privacy Manager (CIPM) — Question 45

For an organization that has just experienced a data breach, what might be the least relevant metric for a company's privacy and governance team?

Answer options

• A. The number of security patches applied to company devices.
• B. The number of privacy rights requests that have been exercised.
• C. The number of Privacy Impact Assessments that have been completed.
• D. The number of employees who have completed data awareness training.

Correct answer: B

Explanation

The number of privacy rights requests exercised (option B) is less relevant immediately after a data breach compared to other metrics, as it does not directly address the breach's impact or prevention. In contrast, the other metrics focus on security measures and employee training that are critical for mitigating future incidents.