Free IAPP CIPP-E Actual Exam Questions - Question 14 Discussion
maintain the security of the processing, what would be the most important security measure to
apply to the health data transmission?
I agree that encryption is key here—C is the only one that actively safeguards the data while it’s moving between entities. The others don’t prevent interception directly, so C makes the most sense to me.
It’s B since having a data processing agreement legally binds the receiver to protect the data properly.
C imo, encryption is the only option that actually protects the data during transfer. The rest are more about compliance or risk assessment, but don’t stop the info from being intercepted or leaked in transit.
Probably D, because a Data Protection Impact Assessment helps identify and address risks before transferring sensitive health info. It’s more about ensuring the whole process is secure, not just the technical side.
Guessing C, encryption directly protects data while it’s moving between entities.
Maybe B, because without a proper agreement, the receiving entity might mishandle data.
A imo, letting the data subject know about security measures builds trust and transparency, which is crucial under GDPR. It’s not as technical as encryption but still a key part of security culture.
Yeah, I get why encryption in transit (C) is the go-to since we’re focusing on the actual transmission. But honestly, without a data processing agreement (B), you have no guarantee about how the receiving side manages the data afterward, which is super important for health info. Still, if it's just about keeping it secure while it's moving, encryption wins out here.
C/D for me. Encryption in transit is definitely key to keep the data safe while it moves between entities, especially with sensitive health info. DPIA is important overall but more about assessing risk before processing. Since the question focuses on transmission, encrypting at rest might be beyond the scope here, so I’d pick C as the strongest direct security action for transmission.
It’s C because encryption protects the data while it’s moving between entities, which is the main concern here. The rest comes after the data is received, so not as relevant for transmission.
B/C? Signing a data processing agreement (B) is key for accountability, but it doesn’t directly secure the transmission. Encryption (C) actually protects the data from interception during transfer, which seems most critical here.
C/D? Encrypting data seems crucial, especially with sensitive health info, so option C makes sense. But then again, doing a DPIA (D) is super important when handling health data under GDPR rules too. Not sure if informing the data subject or having an agreement alone really addresses the most important security measure during transmission itself. Seems like encryption is key here to keep stuff safe in transit and at rest.