Certified Information Privacy Professional – United States (CIPP/US) — Question 81

Privacy Is Hiring Inc., a CA-based company, is an online specialty recruiting firm focusing on placing privacy professionals in roles at major companies. Job candidates create online profiles outlining their experience and credentials, and can pay $19.99/month via credit card to have their profiles promoted to potential employers. Privacy Is Hiring Inc. keeps all customer data at rest encrypted on its servers.
Under what circumstances would Privacy Is Hiring Inc., need to notify affected individuals in the event of a data breach?

Answer options

• A. If law enforcement has completed its investigation and has authorized Privacy Is Hiring Inc. to provide the notification to clients and applicable regulators.
• B. If the job candidates’ credit card information and the encryption keys were among the information taken.
• C. If Privacy Is Hiring Inc., reasonably believes that job candidates will be harmed by the data breach.
• D. If the personal information stolen included the individuals’ names and credit card pin numbers.

Correct answer: B

Explanation

The correct answer is B because if credit card information and encryption keys are compromised, it poses a significant risk to the candidates, requiring notification. Option A is incorrect as it depends on law enforcement's actions, while C is too vague and subjective, and D is incorrect because while names and PINs may be sensitive, the specific mention of credit card information and encryption keys in B presents a clearer legal obligation to notify.