An organization uses analytics derived from archived transaction data to create individual customer profiles for customizing product and service offerings. Which of the following is the IT privacy practitioner's BEST recommendation?
Correct Answer: B
Question 7
What should be the PRIMARY consideration of a multinational organization deploying a user and entity behavior analytics (UEBA) tool to centralize the monitoring of anomalous employee behavior?
Correct Answer: C
Question 8
When choosing data sources to be used within a big data architecture, which of the following data attributes MUST be considered to ensure data is not aggregated?
Correct Answer: A
Question 9
When evaluating cloud-based services for backup, which of the following is MOST important to consider from a privacy regulation standpoint?
Correct Answer: B
Reference: When evaluating cloud-based services for backup, one of the most important factors to consider from a privacy regulation standpoint is data residing in another country. This is because different countries may have different privacy laws and regulations that apply to the personal data stored or processed in their jurisdictions. Some countries may have more stringent or protective privacy laws than others, while some countries may have more intrusive or invasive practices that pose threats to data privacy. Therefore, an organization should be aware of the location of its cloud-based backup service provider and its servers, and ensure that there are adequate safeguards and agreements in place to protect the personal data from unauthorized or unlawful access, use, disclosure, or transfer. Reference: : CDPSE Review Manual (Digital Version), page 159
Question 10
Which of the following is the BEST way to protect the privacy of data stored on a laptop in case of loss or theft?
Correct Answer: D
Endpoint encryption is a security practice that transforms the data stored on a laptop or other device into an unreadable format using a secret key or algorithm. Endpoint encryption protects the privacy of data in case of loss or theft, by ensuring that only authorized parties can access and use the data, while unauthorized parties cannot decipher or modify the data without the key or algorithm. Endpoint encryption also helps to comply with data protection laws and regulations, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), which require data controllers and processors to implement appropriate technical and organizational measures to safeguard personal data. The other options are less effective or irrelevant for protecting the privacy of data stored on a laptop in case of loss or theft. Strong authentication controls, such as passwords, biometrics or multifactor authentication, are important for verifying the identity and access rights of users, but they do not protect the data from being accessed by bypassing or breaking the authentication mechanisms. Remote wipe is a feature that allows users or administrators to erase the data on a lost or stolen device remotely, but it depends on the availability of network connection and device power, and it may not prevent data recovery by sophisticated tools. Regular backups are a process of creating copies of data for recovery purposes, such as in case of data loss or corruption, but they do not protect the data from being accessed by unauthorized parties who may obtain the backup media or files. Reference: An Ethical Approach to Data Privacy Protection - ISACA, section 2: "Encryption is one of the most effective security controls available to enterprises, but it can be challenging to deploy and maintain across a complex enterprise landscape." How to Protect and Secure Your Data in 10 Ways - TechRepublic, section 1: "Encrypt your hard drive Most work laptops use BitLocker to encrypt local files. That way, if the computer is stolen or hacked, the data it contains will be useless to the malicious actor." 10 Tips to Protect Your Files on PC and Cloud - microsoft.com, section 1: "Encrypt your hard drive Most work laptops use BitLocker to encrypt local files. That way, if the computer is stolen or hacked, the data it contains will be useless to the malicious actor." 11 practical ways to keep your IT systems safe and secure | ICO, section 1: "Use strong passwords and multi-factor authentication Make sure you use strong passwords on smartphones, laptops, tablets, email accounts and any other devices or accounts where personal information is stored."
