Certified Information Privacy Technologist (CIPT) — Question 113
A company has two groups of users: one group is allowed to see credit card numbers, while the other is not. Both groups access the data through the same application. What would be the most effective and efficient way to achieve this?
Answer options
- A. Have two copies of the data, one copy where the credit card numbers are obfuscated, while the other copy has them in the clear. Serve up from the appropriate copy depending on the user accessing it.
- B. Have the data encrypted at rest, and selectively decrypt it for the users who have the rights to see it.
- C. Obfuscate the credit card numbers whenever a user who does not have the right to see them accesses the data.
- D. Drop credit card numbers altogether whenever a user who does not have the right to see them accesses the data.
Correct answer: B
Explanation
Option B is correct because encrypting data at rest allows for secure storage and controlled access, ensuring only authorized users can decrypt and view sensitive information. Option A is less efficient due to maintaining multiple copies of data, while Options C and D do not provide a robust method for managing sensitive data access.