Certified Information Privacy Professional – Europe (CIPP/E) — Question 241
As a Data Protection Officer for a small bank in the European Union, you receive a data subject access request from one of your customers. The customer provides you with his name and has used the email address registered in your system.
What would be the most appropriate way to confirm the identity of the customer?
Answer options
- A. Request that the customer provide his bank account number.
- B. Request that the customer answer additional security questions.
- C. Request a copy of the customer's last bank account statement.
- D. Request a copy of the customer's government-issued ID document.
Correct answer: B
Explanation
The correct answer is B because answering additional security questions can help verify the identity of the customer without exposing sensitive information. Options A and C may not effectively confirm identity, as they could be easily falsified. Option D, although valid, may not be necessary if the email address and security questions can sufficiently verify the customer.