Question 17
Domain 4: Individual Requests, Complaints and Privacy IncidentsA privacy office is closing a complaint file after documenting the outcome and remediation steps. To align with the requirement to maintain supporting evidence, what should the office do with the related records?
Correct answer: B
Explanation
Supporting evidence should be retained so the organization can substantiate its actions during internal oversight and external inquiries. — Maintain supporting evidence: Maintain evidence to support internal oversight and external inquiries.
Why each option is right or wrong
A. Delete the records once the outcome has been communicated to reduce file volume.
Evidence should be maintained to support internal oversight and external inquiries.
B. Retain the records as supporting evidence for possible internal oversight and external inquiries.
The source states that evidence must be maintained to support internal oversight and external inquiries. Because the file includes the documented outcome and remediation steps, retaining those related records satisfies that requirement.
C. Keep only records needed for external inquiries, since internal review does not require evidence.
Evidence must support both internal oversight and external inquiries.
D. Preserve the records only if the complaint resulted in a confirmed privacy incident.
The requirement is to maintain evidence for oversight and inquiries, not only for confirmed incidents.