Certified Information Privacy Manager (CIPM) — Question 65

You are the Privacy Officer (PO) at a University. Recently, the police have contacted you as they suspect that one of your students is using a library computer to commit financial fraud. The police would like your assistance in investigating this individual and are requesting computer logs and usage data of the student. What is your first step in responding to the request?

Answer options

• A. Refuse the request as the police do not have a warrant.
• B. Provide the data to police and record it for your own archives.
• C. Contact the University's legal counsel to determine if the request is lawful.
• D. Review policies, procedures and legislation to determine the University's obligation to co-operate with the police.

Correct answer: C

Explanation

The correct answer is C because consulting with the University's legal counsel is essential to ensure that any action taken complies with legal standards. Options A and B are incorrect as refusing without legal grounding or providing data without verifying its legality can lead to legal repercussions. Option D, while relevant, does not directly address the immediate need for legal clarification.