Certified Information Privacy Technologist (CIPT) — Question 203

An organization is reliant on temporary contractors for performing data analytics and they require access to personal data via software-as-a-service to perform their job. When the temporary contractor completes their work assignment, what would be the most effective way to safeguard privacy and access to personal data when they leave?

Answer options

• A. Set a system-based expiry that requires management reauthorization for online access for accounts that have been active more than 6 months
• B. Establish a predetermined automatic account expiration date based on contract timescales
• C. Require temporary contractors to sign a non-disclosure agreement security acceptable use policy and online access authorizations by hiring managers
• D. Mandate hiring managers to email IT or Security team when the contractor leaves

Correct answer: B

Explanation

The correct answer is B because establishing a predetermined automatic account expiration date directly aligns with the contract's duration, ensuring access is revoked promptly after the contract ends. Options A and D rely on manual processes and may lead to delays in access termination, while option C does not directly address the automatic revocation of access based on the contract timeline.