Certified Information Privacy Professional – United States (CIPP/US) — Question 92

Once a breach has been definitively established, which task should be prioritized next?

Answer options

• A. Involving law enforcement and state Attorneys General.
• B. Determining what was responsible for the breach and neutralizing the threat.
• C. Providing notice to the affected parties so they can take precautionary measures.
• D. Implementing remedial measures and evaluating how to prevent future breaches.

Correct answer: B

Explanation

The correct answer is B because understanding the cause of the breach and neutralizing the threat is crucial to prevent further damage. While notifying affected parties (C) and involving law enforcement (A) are important, they come after addressing the immediate threat. Implementing remedial measures (D) is also necessary but should follow the identification and mitigation of the breach's cause.