Certified Information Privacy Manager (CIPM) — Question 67

In which situation would a Privacy Impact Assessment (PIA) be the least likely to be required?

Answer options

• A. If a company created a credit-scoring platform five years ago.
• B. If a health-care professional or lawyer processed personal data from a patient's file.
• C. If a social media company created a new product compiling personal data to generate user profiles.
• D. If an after-school club processed children's data to determine which children might have food allergies.

Correct answer: A

Explanation

The correct answer is A because a credit-scoring platform created five years ago is unlikely to trigger a current PIA requirement, as the product has already been established. Options B, C, and D involve current processing of personal data or new products which typically necessitate a PIA to assess privacy risks.