Certified Information Privacy Professional – United States (CIPP/US) — Question 18

If an organization maintains data classified as high sensitivity in the same system as data classified as low sensitivity, which of the following is the most likely outcome?

Answer options

• A. The organization will still be in compliance with most sector-specific privacy and security laws.
• B. The impact of an organizational data breach will be more severe than if the data had been segregated.
• C. Temporary employees will be able to find the data necessary to fulfill their responsibilities.
• D. The organization will be able to address legal discovery requests efficiently without producing more information than necessary.

Correct answer: B

Explanation

Answer B is correct because combining high and low sensitivity data increases the risk and potential impact of a data breach, making it more severe. The other options either downplay the risks involved, suggest ease of access for temporary employees that could lead to security issues, or imply compliance and efficiency that may not be attainable when sensitive data is mixed.