Certified Information Privacy Technologist (CIPT) — Question 173

Which of the following would be the most appropriate solution for preventing privacy violations related to information exposure through an error message?

Answer options

• A. Configuring the environment to use shorter error messages.
• B. Handing exceptions internally and not displaying errors to the user.
• C. Creating default error pages or error messages which do not include variable data.
• D. Logging the session name and necessary parameters once the error occurs to enable trouble shooting.

Correct answer: C

Explanation

The correct answer is C because creating default error pages ensures that sensitive information is not exposed to users. Options A and B may reduce the visibility of errors but do not address the underlying issue of variable data exposure. Option D may help in troubleshooting but does not prevent the initial privacy violation from occurring.