Q: 9
A private sector daycare’s portal for parents stores their children’s photos, allergy information date of birth. A parent has asked about the portal’s security requirements and in three months still not has received an answer. What is missing from the daycare’s procedures?
Options
Discussion
Yeah that's a clear miss on responding within 30 days.
B, since the 30 day response window is a hard PIPEDA rule here.
Responding to the parent's request within 30 days
B, not A. Privacy laws like PIPEDA require organizations to reply to access or info requests within a set timeframe (usually 30 days). The daycare missed that so it’s a procedural gap. Pretty sure on this, but let me know if you see it differently.
A. Ensuring transparency, thought that was the trap since they didn't provide info back.
Responding within 30 days is the key issue. PIPEDA requires organizations to reply to access requests in that timeframe, so the daycare missed a basic compliance step. Pretty sure B covers it, unless I've misunderstood the regulations here.
Saw something just like this on a practice test. The real issue is they didn't reply within the 30-day period set out by PIPEDA, so it's about responding to the parent’s request in time. Think B is right but happy to hear other takes.
Responding to the parent's request within 30 days. Seen similar logic in official practice sets, response timelines are a big deal under PIPEDA/CASL. Not 100% but official guide really emphasizes timely access rights.
Yeah, not getting back to the parent in 30 days is where they messed up. The real procedure gap here is timely response to access requests per PIPEDA, so it's responding within 30 days. I get why some might pick transparency but that's a bit of a trap.
Pretty sure it's about the response time. So, responding to the parent's request within 30 days fits since PIPEDA sets that standard. Could see why some might think transparency, but the explicit breach is the missed deadline. If anyone disagrees, open to hearing!
Be respectful. No spam.