Which of the following is MOST important to ensure when developing a business case for the procurement of a new IT system that will process and store personal information?

• A.Security controls are clearly defined.
• B.The system architecture is clearly defined.
• C.A risk assessment has been completed.
• D.Data protection requirements are included.

Comment: *

Name: *

Email: *

Verification: *

An online business posts its customer data protection notice that includes a statement indicating information is collected on how products are used, the content viewed, and the time and duration of online activities. Which data protection principle is applied?

• A.Lawfulness and fairness
• B.System use requirements
• C.Data integrity and confidentiality
• D.Data use limitation

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be established FIRST before authorizing remote access to a data store containing personal data?

• A.Privacy policy
• B.Network security standard
• C.Multi-factor authentication
• D.Virtual private network (VPN)

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to protect personal data in the custody of a third party?

• A.Have corporate counsel monitor privacy compliance.
• B.Require the third party to provide periodic documentation of its privacy management program.
• C.Include requirements to comply with the organization's privacy policies in the contract.
• D.Add privacy-related controls to the vendor audit plan.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important consideration for developing data retention requirements?

• A.Industry guidelines
• B.Cost-benefit analysis
• C.Data classification rules
• D.Applicable regulations

Comment: *

Name: *

Email: *

Verification: *