What does this example best illustrate about training requirements for privacy protection?

SCENARIO

Please use the following to answer the next QUESTION:

Perhaps Jack Kelly should have stayed in the U.S. He enjoys a formidable reputation inside the company, Special Handling Shipping, for his work in reforming certain "rogue" offices. Last year, news broke that a police sting operation had revealed a drug ring operating in the Providence, Rhode Island office in the United States. Video from the office’s video surveillance cameras leaked to news operations showed a drug exchange between Special Handling staff and undercover officers.

In the wake of this incident, Kelly had been sent to Providence to change the "hands off" culture that upper management believed had let the criminal elements conduct their illicit transactions. After a few weeks under Kelly’s direction, the office became a model of efficiency and customer service. Kelly monitored his workers’ activities using the same cameras that had recorded the illegal conduct of their former co-workers.

Now Kelly has been charged with turning around the office in Cork, Ireland, another trouble spot. The company has received numerous reports of the staff leaving the office unattended. When Kelly arrived, he found that even when present, the staff often spent their days socializing or conducting personal business on their mobile phones. Again, he observed their behaviors using surveillance cameras. He issued written reprimands to six staff members based on the first day of video alone.

Much to Kelly’s surprise and chagrin, he and the company are now under investigation by the Data Protection Commissioner of Ireland for allegedly violating the privacy rights of employees. Kelly was told that the company’s license for the cameras listed facility security as their main use, but he does not know why this matters. He has pointed out to his superiors that the company’s training programs on privacy protection and data collection mention nothing about surveillance video.

You are a privacy protection consultant, hired by the company to assess this incident, report on the legal and compliance issues, and recommend next steps.

What does this example best illustrate about training requirements for privacy protection?
A . Training needs must be weighed against financial costs.
B . Training on local laws must be implemented for all personnel.
C . Training must be repeated frequently to respond to new legislation.
D . Training must include assessments to verify that the material is mastered.

Answer: B

Explanation:

This answer is the best way to illustrate the training requirements for privacy protection, as it shows the importance of understanding and complying with the different legal and regulatory frameworks that apply to the organization’s data processing activities in different jurisdictions. Training on local laws must be implemented for all personnel who are involved in or responsible for collecting, using, disclosing, storing or transferring personal data across borders, as they may face different obligations and restrictions depending on the nature and location of the data and the data subjects. Training on local laws can help to prevent or mitigate the risks of violating the privacy rights of individuals, facing legal actions, fines, sanctions or investigations from authorities, or losing trust and reputation among customers, partners and stakeholders.

Reference: IAPP CIPM Study Guide, page 901; ISO/IEC 27002:2013, section 7.2.2

Latest CIPM Dumps Valid Version with 90 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments