Certified Information Privacy Professional – United States (CIPP/US) — Question 215

An organization self-certified under Privacy Shield must, upon request by an individual, do what?

Answer options

• A. Suspend the use of all personal information collected by the organization to fulfill its original purpose.
• B. Provide the identities of third parties with whom the organization shares personal information.
• C. Provide the identities of third and fourth parties that may potentially receive personal information.
• D. Identify all personal information disclosed during a criminal investigation.

Correct answer: B

Explanation

The correct answer is B because organizations under Privacy Shield are required to disclose the identities of third parties they share personal information with. Options A, C, and D do not accurately reflect the obligations under Privacy Shield; A implies a complete halt to data usage, C expands on third parties unnecessarily, and D is unrelated to the Privacy Shield requirements.