Certified Information Privacy Professional – United States (CIPP/US) — Question 142

If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as an agent, the organization must ensure the third party does all of the following EXCEPT?

Answer options

• A. Uses the transferred data for limited purposes
• B. Provides the same level of privacy protection as the organization
• C. Notifies the organization if it can no longer meet its requirements for proper data handling
• D. Enters a contract with the organization that states the third party will process data according to the consent agreement

Correct answer: D

Explanation

The correct answer is D because while it is important for third parties to follow privacy protocols, Privacy Shield does not explicitly require a contract for this purpose. Options A, B, and C are essential responsibilities for the third party to ensure that personal data is handled appropriately and in alignment with the organization's privacy standards.