A marketing manager at a communications firm receives a formal request from an individual who wants personal details erased from the company's records. The manager notifies the security department, explaining that these details are retained for analytics. Which action reflects accepted practices for fulfilling this request?
Combine the data and keep it for a potential advertising campaign
Ask the individual for official legal counsel documentation before proceeding
Document and verify the request, then remove the individual's details from all related data sources
Note the request in an archive and retain the data for analytics
Removing the specified details while following the organization's documented procedure satisfies recognized privacy rules. Capturing the request, verifying the individual's identity, and ensuring the information is removed from all relevant systems is needed to meet obligations. Keeping the details for marketing or demanding extra documentation from a legal official runs counter to the individual's legitimate request.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What privacy rules or laws require organizations to erase personal data upon request?
Open an interactive chat with Bash
How should organizations verify the identity of someone making a data deletion request?
Open an interactive chat with Bash
What steps are involved in removing personal data from all related systems?