Certified Information Privacy Technologist (CIPT) — Question 126

Which of the following statements describes an acceptable disclosure practice?

Answer options

• A. An organization's privacy policy discloses how data will be used among groups within the organization itself.
• B. With regard to limitation of use, internal disclosure policies override contractual agreements with third parties.
• C. Intermediaries processing sensitive data on behalf of an organization require stricter disclosure oversight than vendors.
• D. When an organization discloses data to a vendor, the terms of the vendor' privacy notice prevail over the organization' privacy notice.

Correct answer: A

Explanation

Option A is correct because it emphasizes that an organization's privacy policy should clearly outline how data is shared internally, which is a standard practice for transparency. The other options present incorrect assertions, such as internal policies overriding third-party agreements (B), intermediaries needing stricter oversight than vendors (C), and vendor privacy notices taking precedence over the organization's own (D), all of which do not adhere to acceptable disclosure practices.