Which of the following is MOST important to consider when managing changes to the provision of services by a third party that processes personal data?
Correct Answer: C
Explanation The most important thing to consider when managing changes to the provision of services by a third party that processes personal data is the business impact due to the changes. Changes to the provision of services by a third party can affect the organization's ability to meet its business objectives and legal obligations related to data processing activities. For example, changes to the service level agreement (SLA), the scope of services, the security measures, the location of servers, etc., can have implications for the quality, availability, confidentiality, integrity, and compliance of personal data processing. Therefore, an IT privacy practitioner should assess and evaluate the business impact due to the changes, and ensure that they are aligned with the organization's privacy policies and applicable privacy regulations and standards. References: : CDPSE Review Manual (Digital Version), page 41
Question 12
Which of the following is the BEST practice to protect data privacy when disposing removable backup media?
Correct Answer: B
Explanation The best practice to protect data privacy when disposing removable backup media is B. Data sanitization. A comprehensive explanation is: Data sanitization is the process of permanently and irreversibly erasing or destroying the data on a storage device or media, such as a hard drive, a USB drive, a CD/DVD, etc. Data sanitization ensures that the data cannot be recovered or reconstructed by any means, even by using specialized software or hardware tools. Data sanitization is also known as data wiping, data erasure, data destruction, or data disposal. Data sanitization is the best practice to protect data privacy when disposing removable backup media because it prevents unauthorized access, disclosure, theft, or misuse of the sensitive or confidential data that may be stored on the media. Data sanitization also helps to comply with the legal and regulatory requirements and standards for data protection and privacy, such as the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), etc. There are different methods and techniques for data sanitization, depending on the type and format of the storage device or media. Some of the common methods are: * Overwriting: Overwriting replaces the existing data on the device or media with random or meaningless data, such as zeros, ones, or patterns. Overwriting can be done multiple times to increase the level of security and assurance. Overwriting is suitable for magnetic media, such as hard disk drives (HDDs) or tapes. * Degaussing: Degaussing exposes the device or media to a strong magnetic field that disrupts and destroys the magnetic structure and alignment of the data. Degaussing renders the device or media unusable and unreadable. Degaussing is suitable for magnetic media, such as hard disk drives (HDDs) or tapes. * Physical Destruction: Physical destruction involves applying physical force or damage to the device or media that breaks it into small pieces or shreds it. Physical destruction can be done by using mechanical tools, such as shredders, crushers, drills, hammers, etc., or by using thermal methods, such as incineration, melting, etc. Physical destruction is suitable for any type of media, such as hard disk drives (HDDs), solid state drives (SSDs), USB drives, CDs/DVDs, etc. Data encryption (A) is not a good practice to protect data privacy when disposing removable backup media because it does not erase or destroy the data on the media. Data encryption only transforms the data into an unreadable format that can only be accessed with a key or a password. However, if the key or password is lost, stolen, compromised, or guessed by an attacker, the data can still be decrypted and exposed. Data encryption is more suitable for protecting data in transit or at rest, but not for disposing data. Data scrambling is not a good practice to protect data privacy when disposing removable backup media because it does not erase or destroy the data on the media. Data scrambling only rearranges the order of the bits or bytes of the data to make it appear random or meaningless. However, if the algorithm or pattern of scrambling is known or discovered by an attacker, the data can still be unscrambled and restored. Data scrambling is more suitable for obfuscating data for testing or debugging purposes, but not for disposing data. Data masking (D) is not a good practice to protect data privacy when disposing removable backup media because it does not erase or destroy the data on the media. Data masking only replaces some parts of the data with fictitious or anonymized values to hide its true identity or meaning. However, if the original data is still stored somewhere else or if the masking technique is weak or reversible by an attacker, the data can still be unmasked and revealed. Data masking is more suitable for protecting data in use or in analysis, but not for disposing data. References: * What Is Data Sanitization?1 * How to securely erase hard drives (HDDs) and solid state drives (SSDs)2 * Secure Data Disposal & Destruction: 6 Methods to Follow3
Question 13
Which of the following scenarios should trigger the completion of a privacy impact assessment (PIA)?
Correct Answer: B
Explanation A privacy impact assessment (PIA) is a process of analyzing the potential privacy risks and impacts of collecting, using, and disclosing personal data. A PIA should be conducted when there is a change in the data processing activities that may affect the privacy of individuals or the compliance with data protection laws and regulations. One of the scenarios that should trigger the completion of a PIA is when there are new inter-organizational data flows, which means that personal data is shared or transferred between different entities or jurisdictions. This may introduce new privacy risks, such as unauthorized access, misuse, or breach of data, as well as new legal obligations, such as obtaining consent, ensuring adequate safeguards, or notifying authorities. References: PIA Triggers - International Association of Privacy Professionals Privacy Impact Assessment - International Association of Privacy Professionals GDPR Privacy Impact Assessment Data Protection Impact Assessment triggers: Clarity or confusion?
Question 14
Which of the following should be done FIRST to address privacy risk when migrating customer relationship management (CRM) data to a new system?
Correct Answer: D
Question 15
Which of the following is MOST important to capture in the audit log of an application hosting personal data?
Correct Answer: C
Explanation An audit log is a record of the activities and events that occur in an information system, such as an application hosting personal data. An audit log can help to monitor, detect, investigate and prevent unauthorized or malicious access, use, modification or deletion of personal data. An audit log can also help to demonstrate compliance with data protection laws and regulations, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). An audit log should capture the following information for each event: 9 * The date and time of the event * The identity of the user or system that performed the event * The type and description of the event * The outcome or result of the event * The personal data that were accessed, used, modified or deleted The last user who accessed personal data is the most important information to capture in the audit log, as it can help to identify who is responsible for any data breach or misuse of personal data. It can also help to verify that only authorized and legitimate users have access to personal data, and that they follow the data use policy and the principle of least privilege. The last user who accessed personal data can also help to support data subjects' rights, such as the right to access, rectify, erase or restrict their personal data. The other options are less important or irrelevant to capture in the audit log of an application hosting personal data. Server details of the hosting environment are not related to personal data, and they can be obtained from other sources, such as network logs or configuration files. Last logins of privileged users are important to capture in a separate audit log for user account management, but they do not indicate what personal data were accessed or used by those users. Application error events are important to capture in a separate audit log for system performance and reliability, but they do not indicate what personal data were affected by those errors. References: * IS Audit Basics: Auditing Data Privacy, section 4: "Audit logs should be maintained for all systems that process PII." * Data Protection Audit Manual, section 3.2: "Audit trails should be kept for all processing operations involving personal data." * Audit Logging Best Practices, section 2: "An audit log entry should contain enough information to answer who did what and when."
