Certified Information Privacy Professional – United States (CIPP/US) — Question 46

Which of the following best describes an employer’s privacy-related responsibilities to an employee who has left the workplace?

Answer options

• A. An employer has a responsibility to maintain a former employee’s access to computer systems and company data needed to support claims against the company such as discrimination.
• B. An employer has a responsibility to permanently delete or expunge all sensitive employment records to minimize privacy risks to both the employer and former employee.
• C. An employer may consider any privacy-related responsibilities terminated, as the relationship between employer and employee is considered primarily contractual.
• D. An employer has a responsibility to maintain the security and privacy of any sensitive employment records retained for a legitimate business purpose.

Correct answer: D

Explanation

The correct answer is D because employers are required to protect sensitive employment records even after an employee leaves, as these documents may still be necessary for legitimate business purposes. Option A is incorrect because maintaining access to systems for former employees can pose security risks. Option B is misleading since not all records can or should be permanently deleted; some must be retained for compliance or legal reasons. Option C is inaccurate, as privacy obligations do not automatically end with the termination of employment.