Certified Information Privacy Technologist (CIPT) — Question 101

SCENARIO -
Please use the following to answer next question:
EnsureClaim is developing a mobile app platform for managing data used for assessing car accident insurance claims. Individuals use the app to take pictures at the crash site, eliminating the need for a built-in vehicle camera. EnsureClaim uses a third-party hosting provider to store data collected by the app. EnsureClaim customer service employees also receive and review app data before sharing with insurance claim adjusters.
The app collects the following information:
✑ First and last name
✑ Date of birth (DOB)
✑ Mailing address
✑ Email address
✑ Car VIN number
✑ Car model
✑ License plate
✑ Insurance card number
✑ Photo
✑ Vehicle diagnostics
✑ Geolocation
What would be the best way to supervise the third-party systems the EnsureClaim App will share data with?

Answer options

• A. Review the privacy notices for each third-party that the app will share personal data with to determine adequate privacy and data protection controls are in place.
• B. Conduct a security and privacy review before onboarding new vendors that collect personal data from the app.
• C. Anonymize all personal data collected by the app before sharing any data with third-parties.
• D. Develop policies and procedures that outline how data is shared with third-party apps.

Correct answer: B

Explanation

The correct answer is B, as conducting a security and privacy review before onboarding new vendors ensures that they meet the necessary standards for handling personal data. Option A, while important, is more reactive than proactive. Option C may hinder data utility, and option D does not ensure that the third-party vendors themselves have adequate security measures in place.