Certified Information Privacy Professional – Europe (CIPP/E) — Question 278

Through a combination of hardware failure and human error, the decryption key for a bank's customer account transaction database has been lost. An investigation has determined that this was not the result of hacking or malfeasance, simply an unfortunate combination of circumstances. Which of the following accurately indicates the nature of this incident?

Answer options

• A. A data breach has not occurred because the loss was not the result of hacking.
• B. A data breach has not occurred because no data was exposed to any unauthorized individual
• C. A data breach has occurred because the loss of the key has resulted in the data no longer being accessible
• D. A data breach has occurred because the loss of the key has resulted in the loss of confidentiality or integrity of the data

Correct answer: C

Explanation

The correct answer is C because the loss of the decryption key means that the data is no longer accessible, which constitutes a breach of access. Options A and B incorrectly state that a data breach requires hacking or exposure to unauthorized individuals, while option D mischaracterizes the situation, as confidentiality and integrity are not compromised if the data is simply inaccessible.