Certified Information Privacy Manager (CIPM) — Question 78
An organization's privacy officer was just notified by the benefits manager that she accidentally sent the retirement enrollment report of all employees to the wrong vendor.
Which of the following actions should the privacy officer take first?
Answer options
- A. Perform a risk of harm analysis.
- B. Report the incident to law enforcement.
- C. Contact the recipient to delete the email.
- D. Send firm-wide email notification to employees.
Correct answer: C
Explanation
The correct action is to contact the recipient to delete the email, as this is a critical first step to mitigate the risk of unauthorized access to sensitive information. Reporting to law enforcement (B) is typically not immediate unless there's a clear threat; performing a risk analysis (A) can follow after the immediate action; and sending a firm-wide notification (D) may cause unnecessary alarm before the situation is fully understood.