Certified Information Privacy Manager (CIPM) — Question 72

What is the main purpose in notifying data subjects of a data breach?

Answer options

• A. To avoid financial penalties and legal liability
• B. To enable regulators to understand trends and developments that may shape the law
• C. To ensure organizations have accountability for the sufficiency of their security measures
• D. To allow individuals to take any actions required to protect themselves from possible consequences

Correct answer: D

Explanation

The correct answer is D because notifying individuals allows them to take protective measures against possible negative effects of the breach, such as identity theft. Options A, B, and C focus on organizational accountability and regulatory considerations, which, while important, do not prioritize the individual's need to respond to the breach.