Certified Information Privacy Professional – United States (CIPP/US) — Question 210
The CFO of a pharmaceutical company is duped by a phishing email and discloses many of the company’s employee personnel files to an online predator. The files include employee contact information, job applications, performance reviews, discipline records, and job descriptions.
Which of the following state laws would be an affected employee’s best recourse against the employer?
Answer options
- A. The state social security number confidentiality statute.
- B. The state personnel record review statute.
- C. The state data destruction statute.
- D. The state UDAP statute.
Correct answer: B
Explanation
The correct answer is B, as the state personnel record review statute typically allows employees to review and contest the contents of their personnel files. The other options, while relevant to privacy and data handling, do not specifically address employees' rights to access and review their personnel records in the context of a data breach.