Based on the initial assessment and review of the available data flows, which of the following would be the most important privacy risk you should investigate first?
SCENARIO WebTracker Limited is a cloud-based online marketing service located in London. Last year, WebTracker migrated its IT infrastructure to the cloud provider AmaZure, which provides SQL Databases and Artificial Intelligence services to WebTracker. The roles and responsibilities between the two companies have been formalized in a standard contract, which...
Which of the following would best improve an organization’s system of limiting data use?
A. Implementing digital rights management technology.
B. Confirming implied consent for any secondary use of data.
C. Applying audit trails to resources to monitor company personnel.
D. Instituting a system of user authentication for company...
What would be an example of an organization transferring the risks associated with a data breach?
A. Using a third-party service to process credit card transactions.
B. Encrypting sensitive personal data during collection and storage.
C. Purchasing insurance to cover the organization in case of a breach.
D. Applying industry...
Why is first-party web tracking very difficult to prevent?
A. The available tools to block tracking would break most sites’ functionality.
B. Consumers enjoy the many benefits they receive from targeted advertising.
C. Regulatory frameworks are not concerned with web tracking.
D. Most browsers do not support automatic blocking.
Answer:...
Which of the following would best explain why the retailer’s consumer data was still exfiltrated?
Between November 30th and December 2nd, 2013, cybercriminals successfully infected the credit card payment systems and bypassed security controls of a United States-based retailer with malware that exfiltrated 40 million credit card numbers. Six months prior, the retailer had malware detection software installed to protect against such an attack. Which...
Which procedure should be employed to identify the types and locations of data held by Wesley Energy?
SCENARIO Wesley Energy has finally made its move, acquiring the venerable oil and gas exploration firm Lancelot from its long-time owner David Wilson. As a member of the transition team, you have come to realize that Wilson's quirky nature affected even Lancelot's data practices, which are maddeningly inconsistent. “The old...
Truncating the last octet of an IP address because it is NOT needed is an example of which privacy principle?
A. Use Limitation
B. Data Minimization
C. Purpose Limitation
D. Security Safeguards
Answer: B
Explanation: Truncating the last octet of an IP address because it is not needed is an...
Which data practice is Barney most likely focused on improving?
SCENARIO Kyle is a new security compliance manager who will be responsible for coordinating and executing controls to ensure compliance with the company's information security policy and industry standards. Kyle is also new to the company, where collaboration is a core value. On his first day of new-hire orientation, Kyle's...
Which of the following is the least effective privacy preserving practice in the Systems Development Life Cycle (SDLC)?
A. Conducting privacy threat modeling for the use-case.
B. Following secure and privacy coding standards in the development.
C. Developing data flow modeling to identify sources and destinations of sensitive data.
D. ...
Looking back at your first two years as the Director of Personal Information Protection and Compliance for the St. Anne’s Regional Medical Center in Thorn Bay, Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation-based training for employees on privacy protection to establishing an interactive medical records system that is accessible by patients as well as by the medical personnel. Now, however, a question you have put off looms large: how do we manage all the data, not only records produced recently, but those still on hand from years ago?