ExamTopics Logo
Mail Us[email protected]
Menu
Iapp Discussions
exam questions

Exam CIPT All Questions

View all questions & answers for the CIPT exam
Go to Exam

Exam CIPT topic 1 question 145 discussion

Actual exam question from IAPP's CIPT
Question #: 145
Topic #: 1
[All CIPT Questions]

Organizations understand there are aggregation risks associated with the way the process their customer's data. They typically include the details of this aggregation risk in a privacy notice and ask that all customers acknowledge they understand these risks and consent to the processing.
What type of risk response does this notice and consent represent?

  • A. Risk transfer.
  • B. Risk mitigation.
  • C. Risk avoidance.
  • D. Risk acceptance.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by bonitapat at March 14, 2022, 10:29 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Ssourav
9 months, 2 weeks ago
Selected Answer: D
D. Risk acceptance is the type of risk response represented by the privacy notice and consent. Reasoning: By including details of aggregation risks in the privacy notice and asking customers to acknowledge and consent, the organization is essentially informing customers of the risks and seeking their agreement to proceed despite those risks. This approach acknowledges the existence of the risk and allows customers to accept it as part of their continued use of the services. The organization is not necessarily transferring, mitigating, or avoiding the risk but rather accepting it with customer consent.
upvoted 1 times
...
perryhan
1 year, 2 months ago
Selected Answer: B
B. Risk mitigation the NIST Privacy Control IP-1 on consent requires the system to provide individuals a mechanism to authorize the collection of their personal information, where feasible. This control may address a class of adverse privacy events, such as exclusion, which occurs when the individual does not have knowledge of, or participate in, the use of their personal information. If this use is made overt and the individual is permitted to authorize the use of their information for this purpose, then this risk to the individual is mitigated
upvoted 1 times
...
ChaChaMcGraw
3 years ago
The question is looking at it from the organization's point of view. The user is accepting the risk, the organization is transferring the risk to the user.
upvoted 3 times
...
zlzl
3 years ago
Selected Answer: D
Still accepted this risk
upvoted 3 times
am2005
3 years ago
logical
upvoted 1 times
...
...
bonitapat
3 years, 2 months ago
why A Risk Transfer ???
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel