Which of the following should FIRST be established before a privacy office starts to develop a data protection and privacy awareness campaign?

• A.Business objectives of senior leaders
• B.Strategic goals of the organization
• C.Detailed documentation of data privacy processes
• D.Contract requirements for independent oversight

Comment: *

Name: *

Email: *

Verification: *

Data collected by a third-party vendor and provided back to the organization may not be protected according to the organization's privacy notice. Which of the following is the BEST way to address this concern?

• A.Review the privacy policy.
• B.Obtain independent assurance of current practices.
• C.Re-assess the information security requirements.
• D.Validate contract compliance.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a responsibility of the audit function in helping an organization address privacy compliance requirements?

• A.Approving privacy impact assessments (PIAs)
• B.Validating the privacy framework
• C.Managing privacy notices provided to customers
• D.Establishing employee privacy rights and consent

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY consideration to ensure control of remote access is aligned to the privacy policy?

• A.Access is logged on the virtual private network (VPN).
• B.Multi-factor authentication is enabled.
• C.Active remote access is monitored.
• D.Access is only granted to authorized users.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important consideration when choosing a method for data destruction?

• A.Granularity of data to be destroyed
• B.Validation and certification of data destruction
• C.Time required for the chosen method of data destruction
• D.Level and strength of current data encryption

Comment: *

Name: *

Email: *

Verification: *