Certified Information Privacy Manager (CIPM) — Question 98

The owner of an ice cream store has decided to begin accepting credit and debit cards for payment. To comply with industry standards, the owner will need to do which of the following?

Answer options

• A. Seek ISO 27001 certification.
• B. Implement PCI data security controls.
• C. Issue a privacy notice to store customers.
• D. Use only vendor-supplied system passwords.

Correct answer: B

Explanation

The correct answer is B, as implementing PCI data security controls is essential for businesses that handle credit card transactions to protect customer data. The other options, while relevant to security and privacy, do not specifically address the requirements for accepting card payments under PCI standards.