Certified Information Privacy Manager (CIPM) — Question 95
If your organization has a recurring issue with colleagues not reporting personal data breaches, all of the following are advisable to do EXCEPT?
Answer options
- A. Carry out a root cause analysis on each breach to understand why the incident happened.
- B. Communicate to everyone that breaches must be reported and how they should be reported.
- C. Provide role-specific training to areas where breaches are happening so they are more aware.
- D. Distribute a phishing exercise to all employees to test their ability to recognize a threat attempt.
Correct answer: D
Explanation
The correct answer is D because distributing a phishing exercise does not directly address the issue of unreported breaches. While it may improve threat recognition, it does not tackle the underlying reasons why employees are not reporting breaches, unlike the other options, which focus on communication, training, and understanding the root cause.