Certified Information Privacy Technologist (CIPT) — Question 48
SCENARIO -
Please use the following to answer next question:
EnsureClaim is developing a mobile app platform for managing data used for assessing car accident insurance claims. Individuals use the app to take pictures at the crash site, eliminating the need for a built-in vehicle camera. EnsureClaim uses a third-party hosting provider to store data collected by the app. EnsureClaim customer service employees also receive and review app data before sharing with insurance claim adjusters.
The app collects the following information:
✑ First and last name
✑ Date of birth (DOB)
✑ Mailing address
✑ Email address
✑ Car VIN number
✑ Car model
✑ License plate
✑ Insurance card number
✑ Photo
✑ Vehicle diagnostics
✑ Geolocation
All of the following technical measures can be implemented by EnsureClaim to protect personal information that is accessible by third-parties EXCEPT?
Answer options
- A. Encryption.
- B. Access Controls.
- C. De-identification.
- D. Multi-factor authentication.
Correct answer: C
Explanation
The correct answer is C, as de-identification involves removing personal identifiers from data, which is not a direct technical measure for protecting data accessed by third parties. In contrast, encryption, access controls, and multi-factor authentication are all methods that can actively protect data from unauthorized access.