Which of the following is the BEST approach for a local office of a global organization faced with multiple privacy-related compliance requirements?
Correct Answer: B
Explanation The best approach for a local office of a global organization faced with multiple privacy-related compliance requirements is to focus on the requirements with the highest organizational impact, because this will help prioritize the most critical and urgent privacy issues and risks that may affect the organization's reputation, operations, or legal obligations. Focusing on the highest impact requirements will also help allocate the resources and efforts more efficiently and effectively, as well as align the local office's privacy practices with the global organization's objectives and strategies12. References: * CDPSE Exam Content Outline, Domain 1 - Privacy Governance (Governance, Management & Risk Management), Task 3: Participate in the evaluation of privacy policies, programs and policies for their alignment with legal requirements, regulatory requirements and/or industry best practices3. * CDPSE Review Manual, Chapter 1 - Privacy Governance, Section 1.2 - Privacy Policy4.
Question 77
An organization is considering the use of remote employee monitoring software. Which of the following is the MOST important privacy consideration when implementing this solution?
Correct Answer: C
Explanation Remote employee monitoring software is a solution that collects, analyzes and reports data on the activities and behaviors of employees who work remotely or from home. It can help organizations to measure and improve employee productivity, performance, engagement and security. However, it also poses significant privacy risks and challenges, as it may involve the collection and processing of personal data, such as names, email addresses, biometric data, IP addresses, keystrokes, screenshots, web browsing history, app usage, communication content and frequency, etc. Data access should be restricted based on roles, meaning that only authorized and legitimate parties should be able to access and use the data collected by the remote employee monitoring software, based on their roles and responsibilities within the organization. This is a key privacy principle and practice that helps to protect the privacy rights and interests of the employees, and to prevent unauthorized or excessive access, use, disclosure or modification of their personal data by the organization or third parties. Data access restriction based on roles also helps to comply with data protection laws and regulations, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), which require data controllers and processors to implement appropriate technical and organizational measures to safeguard personal data. References: Mobile Workforce Security Considerations and Privacy - ISACA, section 3: "The principle of least privilege should be applied to ensure that only authorized personnel have access to the data." Why Employee Privacy Matters More Than Ever - ISACA, section 3: "Privacy-first monitoring should include granular privacy controls, including: Auto-redacting personal information; Restricting access to sensitive information based on role; Masking sensitive information from view."
Question 78
Which of the following is the MOST important consideration when choosing a method for data destruction?
Correct Answer: B
Explanation Validation and certification of data destruction is the most important consideration when choosing a method for data destruction, because it provides evidence that the data has been destroyed beyond recovery and that the organization has complied with the applicable information security frameworks and legal requirements. Validation and certification can also help to prevent data breaches, avoid legal liabilities, and enhance the organization's reputation and trustworthiness. Different methods of data destruction may have different levels of validation and certification, depending on the type of media, the sensitivity of the data, and the standards and guidelines followed. For example, some methods may require a third-party verification or audit, while others may generate a certificate of destruction or a report of erasure. Therefore, the organization should choose a method that can provide sufficient validation and certification for its specific needs and obligations. References: Secure Data Disposal and Destruction: 6 Methods to Follow, KirkpatrickPrice Data Destruction Standards and Guidelines, BitRaser Best Practices for Data Destruction, U.S. Department of Education
Question 79
Which of the following BEST supports an organization's efforts to create and maintain desired privacy protection practices among employees?
Correct Answer: A
Question 80
A technology company has just launched a mobile application tor tracking health symptoms_ This application is built on a mobile device technology stack that allows users to share their location and details of their symptoms. Which of the following is the GREATEST privacy concern with collecting this data via mobile devices?
