A software development organization with remote personnel has implemented a third-party virtualized workspace to allow the teams to collaborate. Which of the following should be of GREATEST concern?

• A.Personal data could potentially be exfiltrated through the virtual workspace.
• B.There is a lack of privacy awareness and training among remote personnel.
• C.The third-party workspace is hosted in a highly regulated jurisdiction.
• D.The organization's products are classified as intellectual property.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to protect personal data in the custody of a third party?

• A.Have corporate counsel monitor privacy compliance.
• B.Require the third party to provide periodic documentation of its privacy management program.
• C.Include requirements to comply with the organization's privacy policies in the contract.
• D.Add privacy-related controls to the vendor audit plan.

Comment: *

Name: *

Email: *

Verification: *

An online business posts its customer data protection notice that includes a statement indicating information is collected on how products are used, the content viewed, and the time and duration of online activities. Which data protection principle is applied?

• A.Lawfulness and fairness
• B.Data use limitation
• C.System use requirements
• D.Data integrity and confidentiality

Comment: *

Name: *

Email: *

Verification: *

Which of the following MUST be available to facilitate a robust data breach management response?

• A.Best practices to obfuscate data for processing and storage
• B.An inventory of previously impacted individuals
• C.Lessons learned from prior data breach responses
• D.An inventory of affected individuals and systems

Comment: *

Name: *

Email: *

Verification: *

What is the BEST way for an organization to maintain the effectiveness of its privacy breach incident response plan?

• A.Require security management to validate data privacy security practices.
• B.Involve the privacy office in an organizational review of the incident response plan.
• C.Hire a third party to perform a review of data privacy processes.
• D.Conduct annual data privacy tabletop exercises.

Comment: *

Name: *

Email: *

Verification: *