Certified Information Privacy Technologist (CIPT) — Question 38

Which of the following is NOT relevant to a user exercising their data portability rights?

Answer options

• A. Notice and consent for the downloading of data.
• B. Detection of phishing attacks against the portability interface.
• C. Re-authentication of an account, including two-factor authentication as appropriate.
• D. Validation of users with unauthenticated identifiers (e.g. IP address, physical address).

Correct answer: B

Explanation

Option B is correct because detecting phishing attacks is not directly related to a user's right to data portability. The other options (A, C, D) involve processes that are relevant to ensuring secure access and handling of the user's data during portability.