Certified Information Privacy Professional – United States (CIPP/US) — Question 187
Nearly every state has a data breach notification law with a “compromise standard” for determining when notice is required. Which of the following is the best explanation of what a “compromise” is under this framework?
Answer options
- A. Compromise is defined by the degree to which the affected individuals suffered actual harm or had substantial risk of actual harm.
- B. Compromise is defined by the case law in the jurisdiction and is typically based on the totality of the circumstances.
- C. Compromise means that personally identifiable information was wrongfully accessed by third parties.
- D. Compromise means that the confidentiality, security, or integrity of the information was violated.
Correct answer: D
Explanation
Under this framework, “compromise” refers specifically to a violation of the confidentiality, security, or integrity of the information, which makes option D the correct choice. Options A and B focus on harm and on case law interpretations, neither of which is the primary definition of compromise in this context. Option C describes unauthorized access only, which does not encompass the broader implications of a data breach.