IAPP CIPT Exam With Confidence Using Practice Dumps

When the retention period for data ends, suitable actions typically include deletion, de-identification, or aggregation to ensure that the data is no longer in a form that can be used to identify individuals or is completely removed from systems. Retagging is not a suitable action as it implies merely re-labeling or reclassifying the data rather than properly handling it according to data retention policies. Retagging does not mitigate privacy risks and may result in non-compliance with data protection regulations (IAPP, Certified Information Privacy Technologist (CIPT) materials).

When a vendor collects data under an outdated contract that does not align with current organizational practices, the preferred response is to update the contract. This approach ensures that the vendor’s data practices align with the current privacy standards and requirements of the organization, maintaining compliance and protecting data subjects. Terminating the contract or destroying the data may be extreme steps that could disrupt business operations or lead to data loss. Continuing the existing contract without any updates leaves the organization exposed to non-compliance risks.

Discretionary access control (DAC) allows resource owners to determine who can access their resources and what permissions they have. This model provides flexibility for users to share resources at their discretion. In the DAC model, users can grant access rights to other individuals based on their preferences or needs. The IAPP materials highlight that DAC is commonly used in systems where resource owners need the ability to manage access rights directly (IAPP, "Access Control Models").