Certified Information Privacy Technologist (CIPT) — Question 265

Which of the following would be the most appropriate solution for preventing privacy violations related to information exposure through an error message?

Answer options

• A. Handle exceptions internally by sending the error message to the privacy officer.
• B. Create default error pages or error messages which do not include variable data
• C. Log the session name and necessary parameters once the error occurs to enable troubleshooting
• D. Use shorter error messages that indicate more information is available by clicking the "more information" button.

Correct answer: B

Explanation

Option B is correct because creating default error pages that do not disclose variable data ensures sensitive information is not exposed. Other options, such as logging session details or notifying the privacy officer, do not directly prevent the exposure of information in error messages. Shortening error messages might still allow sensitive details to be revealed if not carefully managed.