Certified Information Privacy Technologist (CIPT) — Question 47

What would be an example of an organization transferring the risks associated with a data breach?

Answer options

• A. Using a third-party service to process credit card transactions.
• B. Encrypting sensitive personal data during collection and storage
• C. Purchasing insurance to cover the organization in case of a breach.
• D. Applying industry standard data handling practices to the organization' practices.

Correct answer: C

Explanation

The correct answer, C, is accurate because purchasing insurance specifically addresses financial risks associated with a data breach. Options A, B, and D illustrate preventative measures rather than transferring risk; they focus on mitigating the consequences of a breach rather than shifting liability to another entity.