How can an organization BEST ensure its vendors are complying with data privacy requirements defined in their contracts?

• A.Review self-attestations of compliance provided by vendor management.
• B.Obtain independent assessments of the vendors' data management processes.
• C.Perform penetration tests of the vendors' data security.
• D.Compare contract requirements against vendor deliverables.

Comment: *

Name: *

Email: *

Verification: *

An organization's data destruction guidelines should require hard drives containing personal data to go through which of the following processes prior to being crushed?

• A.Hammer strike
• B.Remote partitioning
• C.Low-level formatting
• D.Degaussing

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST enables an organization to ensure privacy-related risk responses meet organizational objectives?

• A.Integrating security and privacy control requirements into the development of risk scenarios
• B.Prioritizing privacy-related risk scenarios as part of enterprise risk management ERM) processes
• C.Using a top-down approach to develop privacy-related risk scenarios for the organization
• D.Assigning the data protection officer accountability for privacy protection controls

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a role PRIMARILY assigned to an internal data owner?

• A.Monitoring data retention periods
• B.Authorizing access rights
• C.Serving as primary contact with regulators
• D.Implementing appropriate technical controls

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to ensure an organization's enterprise risk management (ERM) framework can protect the organization from privacy harms?

• A.Include privacy risks as a risk category.
• B.Establish a privacy incident response plan.
• C.Conduct an internal privacy audit.
• D.Complete a privacy risk assessment.

Comment: *

Name: *

Email: *

Verification: *