ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
Your company is writing breach-response procedures for its cloud application. To comply with common breach-notification laws such as the GDPR and several U.S. state statutes, in which circumstance would notification to affected individuals usually NOT be legally required?
The stolen files were encrypted with strong algorithms and the encryption keys remained uncompromised.
Only email addresses, not payment card data, were exposed in the breach.
Fewer than 5,000 customer records were involved in the incident.
The organization is privately held and not subject to public disclosure regulations.
Many breach-notification laws include a "safe-harbor" provision: if the compromised information was protected by strong encryption and the encryption keys were not also compromised, the data is considered unintelligible to unauthorized parties. Because the risk of harm is minimal, statutes such as the EU GDPR (Article 34) and numerous U.S. state data-breach laws waive the obligation to notify affected individuals in this scenario. Factors like the number of records, the organization's public or private status, or the absence of financial data do not generally remove the legal duty to notify once personal data has been exposed.
Secure Software Lifecycle Management