A marketing manager at a communications firm receives a formal request from an individual who wants personal details erased from the company's records. The manager notifies the security department, explaining that these details are retained for analytics. Which action reflects accepted practices for fulfilling this request?
Combine the data and keep it for a potential advertising campaign
Note the request in an archive and retain the data for analytics
Document and verify the request, then remove the individual's details from all related data sources
Ask the individual for official legal counsel documentation before proceeding
Removing the specified details while following the organization's documented procedure satisfies recognized privacy rules. Capturing the request, verifying the individual's identity, and ensuring the information is removed from all relevant systems is needed to meet obligations. Keeping the details for marketing or demanding extra documentation from a legal official runs counter to the individual's legitimate request.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What privacy regulations require personal data deletion upon request?
Open an interactive chat with Bash
How do organizations verify the identity of someone requesting data deletion?
Open an interactive chat with Bash
What are the potential consequences if a company fails to fulfill a data deletion request?