Which of the following steps of an IT governance program establishes a balanced scorecard mechanism for measuring current performance that is related to the IT governance focus areas?
Correct Answer: A
Question 62
An IT director has become aware that a certain subset of data collected lawfully can be used to generate additional revenue. However, this particular use of the data is outside the original intention. What is the PRIMARY reason this situation should be escalated to the IT steering committee?
Correct Answer: B
The primary reason this situation should be escalated to the IT steering committee is B. Ethical concerns. This is because using data for a purpose that is outside the original intention may violate the principle of purpose limitation, which states that personal data should be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes [1]. Using data for a different purpose may also breach the trust and expectations of the individuals who provided the data, and may harm their rights and interests.
Therefore, the IT director should consult the IT steering committee, which is a group of senior executives who are responsible for developing and enforcing the organization's IT priorities and policies [2], to determine whether the new use of data is ethical, lawful, and transparent. The IT steering committee should also consider the following aspects before making a decision:
* The link between the original purpose and the new/upcoming purpose: How closely related are the two purposes? Is the new purpose compatible with the original purpose or does it contradict it?
* The context in which the data was collected: What was the relationship between the organization and the individuals at the time of data collection? What did the individuals consent to or expect from the data processing?
* The type and nature of the data: Is the data sensitive, personal, or confidential? Does it reveal any information about the individuals' identity, preferences, behavior, or opinions?
* The possible consequences of the intended further processing: How will the new use of data affect the individuals and the organization? Will it benefit or harm them? Will it create any risks or opportunities?
* The existence of appropriate safeguards: What measures are in place to protect and manage the data according to the data protection principles and standards? How can the data quality, security, privacy, and compliance be ensured or improved?
By escalating this situation to the IT steering committee, the IT director can ensure that the ethical implications of using data for another purpose are properly assessed and addressed.
Question 63
IT senior management has just received a survey report indicating that more than one third of the organization's key IT staff plan to retire within the next 12 months. Which of the following is the MOST important governance action to prepare for this possibility?
Correct Answer: C
Question 64
A recent benchmarking analysis has indicated an IT organization is retaining more data and spending significantly more on data retention than its competitors. Which of the following would BEST ensure the optimization of retention costs?
Correct Answer: B
Revalidating the organization's risk tolerance and re-aligning the retention policy is the best option to ensure the optimization of retention costs, because it can help the organization balance the trade-off between the benefits and costs of data retention. By revalidating the risk tolerance, the organization can identify the optimal level of data retention that minimizes the exposure to legal, regulatory, and operational risks, while also reducing the storage and management costs. By re-aligning the retention policy, the organization can ensure that the data retention practices are consistent with the risk tolerance and reflect the current business needs and objectives. A re-aligned retention policy can also help the organization comply with data retention laws and regulations, avoid unnecessary data hoarding, and improve data quality and accessibility.
References:
* Data Retention Policy 101: Best Practices, Examples & More - Intradyn
* Data Retention 101: Policies and Best Practices | Egnyte
* Best Practices for Data Retention and Policy Creation Will Optimize Storage Management
* Data Retention Policy: Crafting Strategy for Compliance and Access
Question 65
Which of the following types of IT organizational structures states that all IT resources are centralized under a single reporting structure with centralized resource allocation (staffing), and the organizational structure is built around the resource pools?