What should be the PRIMARY consideration of a multinational organization deploying a user and entity behavior analytics (UEBA) tool to centralize the monitoring of anomalous employee behavior?
- A . Cross-border data transfer
- B . Support staff availability and skill set
- C . User notification
- D . Global public interest
A
Explanation:
The primary consideration of a multinational organization deploying a user and entity behavior analytics (UEBA) tool to centralize the monitoring of anomalous employee behavior is cross-border data transfer, because it may involve the transfer of personal data across different jurisdictions with different privacy laws and regulations. The organization needs to ensure that it complies with the applicable legal requirements and safeguards the privacy rights of its employees when transferring their data to a central location for analysis. The other options are secondary or operational considerations that may not have a significant impact on the privacy of the employees.
Reference: CDPSE Exam Content Outline, Domain 2 – Privacy Architecture (Privacy Architecture Implementation), Task 3: Implement privacy solutions.
CDPSE Review Manual, Chapter 2 – Privacy Architecture, Section 2.4 – Cross-Border Data Transfer.
CDPSE Certified Data Privacy Solutions Engineer All-in-One Exam Guide, Chapter 2 – Privacy Architecture, Section 2.5 – Cross-Border Data Transfer.
Which of the following should be the FIRST consideration when conducting a privacy impact assessment (PIA)?
- A . The applicable privacy legislation
- B . The quantity of information within the scope of the assessment
- C . The systems in which privacy-related data is stored
- D . The organizational security risk profile
A
Explanation:
The first consideration when conducting a privacy impact assessment (PIA) is the applicable privacy legislation that governs the collection, processing, storage, transfer, and disposal of personal data within the scope of the assessment. The applicable privacy legislation may vary depending on the jurisdiction, sector, or purpose of the data processing activity. The PIA should identify and comply with the relevant legal requirements and obligations for data protection and privacy, such as obtaining consent, providing notice, ensuring data quality and security, respecting data subject rights, and reporting data breaches. The applicable privacy legislation also determines the criteria, methodology, and documentation for conducting the PIA.
Reference: ISACA, Performing an Information Security and Privacy Risk Assessment
ISACA, Best Practices for Privacy Audits
ISACA, GDPR Data Protection Impact Assessments
ISACA, GDPR Data Protection Impact Assessment Template
Which of the following BEST represents privacy threat modeling methodology?
- A . Mitigating inherent risks and threats associated with privacy control weaknesses
- B . Systematically eliciting and mitigating privacy threats in a software architecture
- C . Reliably estimating a threat actor’s ability to exploit privacy vulnerabilities
- D . Replicating privacy scenarios that reflect representative software usage
B
Explanation:
Privacy threat modeling is a methodology for identifying and mitigating privacy threats in a software architecture. It helps to ensure that privacy is considered in the design and development of software systems, and that privacy risks are minimized or eliminated. Privacy threat modeling typically involves the following steps: defining the scope and context of the system, identifying the data flows and data elements, identifying the privacy threats and their sources, assessing the impact and likelihood of the threats, and applying appropriate countermeasures to mitigate the threats.
Reference: CDPSE Review Manual (Digital Version), page 97
An organization is creating a personal data processing register to document actions taken with personal data.
Which of the following categories should document controls relating to periods of retention for personal data?
- A . Data archiving
- B . Data storage
- C . Data acquisition
- D . Data input
A
Explanation:
However, the risks associated with long-term retention have compelled organizations to consider alternatives; one is data archival, the process of preparing data for long-term storage. When organizations are bound by specific laws to retain data for many years, archival provides a viable opportunity to remove data from online transaction systems to other systems or media.
Data archiving is the process of moving data that is no longer actively used to a separate storage device for long-term retention. Data archiving helps to reduce the cost and complexity of data storage, improve the performance and availability of data systems, and comply with data retention policies and regulations. Data archiving should document controls relating to periods of retention for personal data, such as the criteria for determining the retention period, the procedures for deleting or anonymizing data after the retention period expires, and the mechanisms for ensuring the integrity and security of archived data.
Reference: CDPSE Review Manual (Digital Version), page 123
Data collected by a third-party vendor and provided back to the organization may not be protected according to the organization’s privacy notice.
Which of the following is the BEST way to address this concern?
- A . Review the privacy policy.
- B . Obtain independent assurance of current practices.
- C . Re-assess the information security requirements.
- D . Validate contract compliance.
D
Explanation:
The best way to address the concern that data collected by a third-party vendor and provided back to the organization may not be protected according to the organization’s privacy notice is to validate contract compliance. This means that the organization should verify that the third-party vendor is adhering to the terms and conditions of the contract, which should include clauses on data protection, privacy, and security. The contract should also specify the obligations and responsibilities of both parties regarding data collection, processing, storage, transfer, retention, and disposal. By validating contract compliance, the organization can ensure that the third-party vendor is following the same privacy standards and practices as the organization.
Reference: ISACA, CDPSE Review Manual 2021, Chapter 2: Privacy Governance, Section 2.3: Third-Party Management, p. 51-52.
ISACA, Data Privacy Audit/Assurance Program, Control Objective 8: Third-Party Management, p. 14-15
During the design of a role-based user access model for a new application, which of the following principles is MOST important to ensure data privacy is protected?
- A . Segregation of duties
- B . Unique user credentials
- C . Two-person rule
- D . Need-to-know basis
D
Explanation:
The need-to-know basis principle is a security principle that states that access to personal data should be limited to those who have a legitimate purpose for accessing it. The need-to-know basis principle helps to protect data privacy by minimizing the exposure of personal data to unauthorized or unnecessary parties, reducing the risk of data breaches, leaks, or misuse. The need-to-know basis principle should be applied when designing a role-based user access model for a new application, by defining clear roles and responsibilities for different users, granting access rights based on their roles and functions, and enforcing access controls and audits to monitor and verify data access.
Reference: CDPSE Review Manual (Digital Version), page 105
Which of the following should FIRST be established before a privacy office starts to develop a data protection and privacy awareness campaign?
- A . Detailed documentation of data privacy processes
- B . Strategic goals of the organization
- C . Contract requirements for independent oversight
- D . Business objectives of senior leaders
B
Explanation:
The strategic goals of the organization should be established first before a privacy office starts to develop a data protection and privacy awareness campaign, because they provide the direction, purpose, and scope of the campaign. The strategic goals of the organization reflect its vision, mission, values, and objectives, as well as its alignment with the relevant privacy laws and regulations, stakeholder expectations, and industry best practices. The privacy office should design and implement the awareness campaign in a way that supports and promotes the strategic goals of the organization, as well as measures and evaluates its effectiveness and impact.
Reference: CDPSE Review Manual, 2023 Edition, Domain 1: Privacy Governance, Section 1.1.2: Privacy Strategy Implementation, p. 19
CDPSE Review Manual, 2023 Edition, Domain 1: Privacy Governance, Section 1.3.2: Privacy Awareness and Training Program, p. 38-39
ICO launches data awareness campaign
Reference: https://www.isaca.org/resources/isaca-journal/issues/2020/volume-5/building-a-privacy-culture
Which of the following features should be incorporated into an organization’s technology stack to meet privacy requirements related to the rights of data subjects to control their personal data?
- A . Providing system engineers the ability to search and retrieve data
- B . Allowing individuals to have direct access to their data
- C . Allowing system administrators to manage data access
- D . Establishing a data privacy customer service bot for individuals
B
Explanation:
Any organization collecting information about EU residents is required to operate with transparency in collecting and using their personal information. Chapter III of the GDPR defines eight data subject rights that have become foundational for other privacy regulations around the world: Right to access personal data. Data subjects can access the data collected on them.
One of the privacy requirements related to the rights of data subjects is the right to access, which means that individuals have the right to obtain a copy of their personal data, as well as information about how their data is processed, by whom, for what purposes, and for how long. To meet this requirement, an organization’s technology stack should incorporate features that allow individuals to have direct access to their data, such as self-service portals, dashboards, or applications. This way, individuals can exercise their right to access without relying on intermediaries or manual processes, which can be inefficient, error-prone, or insecure.
Reference: CDPSE Review Manual (Digital Version), page 137
Which of the following is the GREATEST concern for an organization subject to cross-border data transfer regulations when using a cloud service provider to store and process data?
- A . The service provider has denied the organization’s request for right to audit.
- B . Personal data stored on the cloud has not been anonymized.
- C . The extent of the service provider’s access to data has not been established.
- D . The data is stored in a region with different data protection requirements.
D
Explanation:
Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2014/data-owners-responsibilities-when-migrating-to-the-cloud
Cross-border data transfer regulations are laws and rules that govern the movement of personal data across national or regional boundaries. They aim to protect the privacy rights and interests of the data subjects, and to ensure that their personal data are not subject to lower or incompatible standards of protection in other jurisdictions. Examples of cross-border data transfer regulations include the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA) in the United States, and the Personal Information Protection Law (PIPL) in China.
When an organization uses a cloud service provider to store and process data, it may face the risk of transferring personal data to a region with different data protection requirements, such as a region that has not been recognized as providing adequate or equivalent levels of protection by the original jurisdiction, or a region that has conflicting or incompatible laws or regulations with the original jurisdiction. This may result in the following consequences for the organization:
- It may violate the cross-border data transfer regulations of the original jurisdiction, and face legal sanctions, fines, or lawsuits from the regulators, customers, or data subjects.
- It may lose control or visibility over the personal data, and expose them to unauthorized or unlawful access, use, modification, or disclosure by the cloud service provider or third parties.
- It may compromise the trust and confidence of the customers and data subjects, and damage its reputation and competitiveness.
Therefore, an organization subject to cross-border data transfer regulations should carefully assess and manage the risks of using a cloud service provider to store and process data, and ensure that it has appropriate safeguards and mechanisms in place to protect the privacy of personal data across borders.
Reference: Cross-Border Data Transfer and Data Localization Requirements … – ISACA, section 1: “As a result, China’s National People’s Congress (NPC) and the National Committee of the Chinese People’s Political Consultative Conference (PCC) put forward suggestions on legislation addressing cross-border data transfer.”
Regulatory Approaches to Cross-Border Data Transfers, section 1: “Cross-border transfers of personal information are increasingly common in today’s globalised economy. However, different jurisdictions have different approaches to regulating such transfers.”
Cross-Border Data Transfer Requirements: Global Privacy Laws – Securiti, section 1: “Data transfer conditions, mechanisms, localization and regulatory authority of each law.”
The Regulation of Cross-Border Data Transfers in the Context … – Springer, section 1: “No Party shall prohibit or restrict the cross-border transfer of information, including personal information, by electronic means if this activity is for the conduct of the business of a covered person.”
When configuring information systems for the communication and transport of personal data, an organization should:
- A . adopt the default vendor specifications.
- B . review configuration settings for compliance.
- C . implement the least restrictive mode.
- D . enable essential capabilities only.
B
Explanation:
Reference: https://www.vonage.com/resources/articles/gdpr-means-customer-communications/
When configuring information systems for the communication and transport of personal data, an organization should review configuration settings for compliance with privacy regulations and standards. This means that the organization should ensure that the configuration settings are aligned with the privacy principles and requirements that apply to the data being communicated or transported, such as data minimization, purpose limitation, consent, encryption, pseudonymization, anonymization, etc. The organization should also document and monitor the configuration settings and perform regular audits and reviews to verify their effectiveness and compliance.
Reference: CDPSE Review Manual (Digital Version), page 151
Which of the following helps define data retention time in a stream-fed data lake that includes personal data?
- A . Information security assessments
- B . Privacy impact assessments (PIAs)
- C . Data privacy standards
- D . Data lake configuration
B
Explanation:
A privacy impact assessment (PIA) is a systematic process of identifying and evaluating the potential privacy risks and impacts of a data processing activity or system. A PIA helps to ensure that privacy is considered and integrated into the design and development of data processing activities or systems, and that privacy risks are mitigated or eliminated. A PIA also helps to determine the appropriate retention periods for personal data based on the purpose and necessity of the data processing, as well as the legal and regulatory obligations that apply to the data. Therefore, a PIA helps to define data retention time in a stream-fed data lake that includes personal data.
Reference: CDPSE Review Manual (Digital Version), page 99
When evaluating cloud-based services for backup, which of the following is MOST important to consider from a privacy regulation standpoint?
- A . Data classification labeling
- B . Data residing in another country
- C . Volume of data stored
- D . Privacy training for backup users
B
Explanation:
Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2014/selecting-the-right-cloud-operating-model-privacy-and-data-security-in-the-cloud
When evaluating cloud-based services for backup, one of the most important factors to consider from a privacy regulation standpoint is data residing in another country. This is because different countries may have different privacy laws and regulations that apply to the personal data stored or processed in their jurisdictions. Some countries may have more stringent or protective privacy laws than others, while some countries may have more intrusive or invasive practices that pose threats to data privacy. Therefore, an organization should be aware of the location of its cloud-based backup service provider and its servers, and ensure that there are adequate safeguards and agreements in place to protect the personal data from unauthorized or unlawful access, use, disclosure, or transfer.
Reference: CDPSE Review Manual (Digital Version), page 159
Which of the following should be the FIRST consideration when selecting a data sanitization method?
- A . Risk tolerance
- B . Implementation cost
- C . Industry standards
- D . Storage type
D
Explanation:
The first consideration when selecting a data sanitization method is the type of storage device that holds the data to be sanitized. Different types of storage devices have different characteristics and limitations that affect the effectiveness and feasibility of data sanitization methods. For example, magnetic media, such as hard disk drives (HDDs), can be sanitized by data degaussing, which is wiping data permanently by weakening the magnetic field. However, data degaussing is not applicable to devices that use solid state drive (SSD) technology, since SSDs do not store data magnetically. Therefore, the storage type determines which data sanitization methods are suitable and available for the data disposal process.
Reference: ISACA, Why (and How to) Dispose of Digital Data, Data Degaussing
ISACA, Best Practices for Data Hygiene, Data Hygiene Practices
TechReset, Data Sanitization and Methods, Cryptographic Erasure
Imperva, What is Data Sanitization?
Which of the following system architectures BEST supports anonymity for data transmission?
- A . Client-server
- B . Plug-in-based
- C . Front-end
- D . Peer-to-peer
D
Explanation:
A peer-to-peer (P2P) system architecture is a network model where each node (peer) can act as both a client and a server, and communicate directly with other peers without relying on a centralized authority or intermediary. A P2P system architecture best supports anonymity for data transmission, by providing the following advantages:
- It can hide the identity and location of the peers, by using encryption, pseudonyms, proxies, or onion routing techniques, such as Tor or I2P. These techniques can prevent eavesdropping, tracking, or censorship by third parties, such as Internet service providers, governments, or hackers.
- It can distribute the data across multiple peers, by using hashing, replication, or fragmentation techniques, such as BitTorrent or IPFS. These techniques can reduce the risk of data loss, corruption, or tampering by malicious peers, and increase the availability and resilience of the data.
- It can enable the peers to control their own data, by using consensus, validation, or incentive mechanisms, such as blockchain or smart contracts. These mechanisms can ensure the integrity and authenticity of the data transactions, and enforce the privacy policies and preferences of the data owners.
Of the following, who should be PRIMARILY accountable for creating an organization’s privacy management strategy?
- A . Chief data officer (CDO)
- B . Privacy steering committee
- C . Information security steering committee
- D . Chief privacy officer (CPO)
D
Explanation:
Some organizations, typically those that manage large amounts of personal information related to employees, customers, or constituents, will employ a chief privacy officer (CPO). Some organizations have a CPO because applicable regulations such as the Gramm-Leach-Bliley Act (GLBA) require it. Other regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Fair Credit Reporting Act (FCRA), and the GLBA place a slate of responsibilities upon an organization that compels them to hire an executive responsible for overseeing compliance.
The chief privacy officer (CPO) is the senior executive who is responsible for establishing and maintaining the organization’s privacy vision, strategy, and program. The CPO oversees the development and implementation of privacy policies, procedures, standards, and controls, and ensures that they align with the organization’s business objectives and legal obligations. The CPO also leads the privacy governance structure, such as the privacy steering committee, and coordinates with other stakeholders, such as the chief data officer (CDO), the information security steering committee, and the legal counsel, to ensure that privacy is integrated into all aspects of the organization’s operations.
Reference: CDPSE Review Manual (Digital Version), page 21
Which of the following is the BEST way to protect personal data in the custody of a third party?
- A . Have corporate counsel monitor privacy compliance.
- B . Require the third party to provide periodic documentation of its privacy management program.
- C . Include requirements to comply with the organization’s privacy policies in the contract.
- D . Add privacy-related controls to the vendor audit plan.
C
Explanation:
In GDPR parlance, organizations that use third-party service providers are often, but not always, considered data controllers, which are entities that determine the purposes and means of the processing of personal data, which can include directing third parties to process personal data on their behalf. The third parties that process data for data controllers are known as data processors. The best way to protect personal data in the custody of a third party is to include requirements to comply with the organization’s privacy policies in the contract. This means that the organization should specify the terms and conditions of data processing, such as the purpose, scope, duration, and security measures, and ensure that they are consistent with the organization’s privacy policies and applicable privacy regulations. The contract should also define the roles and responsibilities of both parties, such as data controller and data processor, and establish mechanisms for monitoring, reporting, auditing, and resolving any issues or incidents related to data privacy.
Reference: CDPSE Review Manual (Digital Version), page 41
Which of the following is MOST important to ensure when developing a business case for the procurement of a new IT system that will process and store personal information?
- A . The system architecture is clearly defined.
- B . A risk assessment has been completed.
- C . Security controls are clearly defined.
- D . Data protection requirements are included.
D
Explanation:
Reference: https://www.isaca.org/privacy-policy
The most important thing to ensure when developing a business case for the procurement of a new IT system that will process and store personal information is that data protection requirements are included. This means that the organization should identify and analyze the privacy risks and impacts of the new IT system, and determine the appropriate measures to mitigate or eliminate them. The data protection requirements should cover aspects such as data minimization, consent, access, rectification, erasure, portability, security, breach notification, etc. The data protection requirements should also align with the organization’s privacy policies and applicable privacy regulations.
Reference: CDPSE Review Manual (Digital Version), page 63
Which of the following is the BEST way to validate that privacy practices align to the published enterprise privacy management program?
- A . Conduct an audit.
- B . Report performance metrics.
- C . Perform a control self-assessment (CSA).
- D . Conduct a benchmarking analysis.
A
Explanation:
The best way to validate that privacy practices align to the published enterprise privacy management program is to conduct an audit. An audit is an independent and objective examination of evidence to provide assurance that privacy practices are effective and compliant with the enterprise privacy management program. An audit can also identify any gaps or weaknesses in the privacy practices and provide recommendations for improvement. An audit can be conducted internally or externally, depending on the scope, objectives, and standards of the audit.
Reference: CDPSE Review Manual (Digital Version), page 83
Which of the following is the GREATEST benefit of adopting data minimization practices?
- A . Storage and encryption costs are reduced.
- B . Data retention efficiency is enhanced.
- C . The associated threat surface is reduced.
- D . Compliance requirements are met.
C
Explanation:
The greatest benefit of adopting data minimization practices is that the associated threat surface is reduced. Data minimization is a privacy principle that states that personal data should be adequate, relevant, and limited to what is necessary for the purposes for which they are processed. Data minimization helps to protect data privacy by reducing the amount and type of personal data that are collected, stored, processed, or shared by an organization. This in turn reduces the exposure of personal data to potential threats, such as unauthorized access, use, disclosure, modification, or loss.
Reference: CDPSE Review Manual (Digital Version), page 29
An organization wants to develop an application programming interface (API) to seamlessly exchange personal data with an application hosted by a third-party service provider.
What should be the FIRST step when developing an application link?
- A . Data tagging
- B . Data normalization
- C . Data mapping
- D . Data hashing
C
Explanation:
Data mapping is the process of defining how data elements from different sources are related, transformed, and transferred to a common destination. Data mapping is the first step when developing an application link because it helps to ensure that the data exchanged between the API and the third-party application is consistent, accurate, and compatible. Data mapping also helps to identify any gaps, errors, or conflicts in the data and resolve them before the data transfer occurs.
Reference: What is Data Mapping?, Talend
Data Mapping: What It Is and How to Do It, Xplenty
Which of the following vulnerabilities is MOST effectively mitigated by enforcing multi-factor authentication to obtain access to personal information?
- A . End users using weak passwords
- B . Organizations using weak encryption to transmit data
- C . Vulnerabilities existing in authentication pages
- D . End users forgetting their passwords
A
Explanation:
One of the most common vulnerabilities that can compromise the access to personal information is end users using weak passwords. Weak passwords are passwords that are easy to guess, crack, or steal, such as passwords that are short, simple, common, or reused. Weak passwords can allow unauthorized or malicious parties to gain access to personal information and cause privacy breaches, leaks, or misuse. Multi-factor authentication is an effective way to mitigate this vulnerability, as it requires end users to provide more than one piece of evidence to verify their identity, such as something they know (e.g., password), something they have (e.g., token), or something they are (e.g., biometric). Multi-factor authentication makes it harder for attackers to bypass the authentication process and access personal information.
Reference: CDPSE Review Manual (Digital Version), page 107
Which of the following is the BEST way for an organization to limit potential data exposure when implementing a new application?
- A . Implement a data loss prevention (DLP) system.
- B . Use only the data required by the application.
- C . Encrypt all data used by the application.
- D . Capture the application’s authentication logs.
B
Explanation:
The principle of data minimization states that personal data should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. By using only the data required by the application, the organization can reduce the amount of data that is collected, stored, processed and potentially exposed. This can also help the organization comply with privacy laws and regulations that require data minimization, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Reference: CDPSE Review Manual, 2021 Edition, ISACA, page 98
Data minimization, European Commission
An online business posts its customer data protection notice that includes a statement indicating information is collected on how products are used, the content viewed, and the time and duration of online activities.
Which data protection principle is applied?
- A . Data integrity and confidentiality
- B . System use requirements
- C . Data use limitation
- D . Lawfulness and fairness
D
Explanation:
Lawfulness and fairness is a data protection principle that states that personal data should be processed in a lawful, fair, and transparent manner in relation to the data subject. This means that personal data should be collected and used for legitimate purposes that are specified and communicated to the data subject, and that respect the rights and interests of the data subject. By posting its customer data protection notice that includes a statement indicating information is collected on how products are used, the content viewed, and the time and duration of online activities, an online business is applying the lawfulness and fairness principle. The online business is informing the customers about the purpose and scope of data collection, and obtaining their consent or legal basis for processing their personal data.
Reference: CDPSE Review Manual (Digital Version), page 2
What type of personal information can be collected by a mobile application without consent?
- A . Full name
- B . Geolocation
- C . Phone number
- D . Accelerometer data
D
Explanation:
Reference: https://www.enisa.europa.eu/publications/privacy-and-data-protection-in-mobile-applications/at_download/fullReport
Accelerometer data is a type of personal information that can be collected by a mobile application without consent, according to some studies and reports. Accelerometer data measures the movement and orientation of the device, and can be used for various purposes, such as fitness tracking, gaming, navigation, and authentication. However, accelerometer data can also reveal sensitive information about the user’s behavior, activity, location, and identity, without their knowledge or permission. For example, some researchers have shown that accelerometer data can be used to infer the user’s gender, age, health condition, personality traits, and even passwords. Therefore, accelerometer data poses a significant privacy risk for mobile users, and there is a lack of clear and consistent regulations and guidelines on how to collect, use, and protect this type of data.
Reference: Privacy Threats through Ultrasonic Side Channels on Mobile Devices, IEEE
Accelerometer Data as a Biometric Identifier, IEEE
Privacy Leaks from Smartphone Motion Sensors, IEEE
How Your Smartphone’s Motion Sensors Can Reveal Your PIN, Forbes
What is the PRIMARY means by which an organization communicates customer rights as it relates to the use of their personal information?
- A . Distributing a privacy rights policy
- B . Mailing rights documentation to customers
- C . Publishing a privacy notice
- D . Gaining consent when information is collected
C
Explanation:
The primary means by which an organization communicates customer rights as it relates to the use of their personal information is publishing a privacy notice. A privacy notice is a document that informs the customers about how their personal information is collected, used, shared, stored, and protected by the organization, as well as what rights they have regarding their personal information, such as access, rectification, erasure, portability, objection, etc. A privacy notice should be clear, concise, transparent, and easily accessible to the customers, and should comply with the applicable privacy regulations and standards. A privacy notice helps to establish trust and transparency between the organization and the customers, and enables the customers to exercise their rights and choices over their personal information.
Reference: CDPSE Review Manual (Digital Version), page 39
A new marketing application needs to use data from the organization’s customer database.
Prior to the application using the data, which of the following should be done FIRST?
- A . Ensure the data loss prevention (DLP) tool is logging activity.
- B . De-identify all personal data in the database.
- C . Determine what data is required by the application.
- D . Renew the encryption key to include the application.
C
Explanation:
Before using data from the organization’s customer database for a new marketing application, the first step should be to determine what data is required by the application and for what purpose. This will help to ensure that the data collection and processing are relevant, necessary, and proportionate to the intended use, and that the data minimization principle is followed. Data minimization means that only the minimum amount of personal data needed to achieve a specific purpose should be collected and processed, and that any excess or irrelevant data should be deleted or anonymized. This will also help to comply with the data privacy laws and regulations that apply to the organization, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), which require organizations to inform data subjects about the types and purposes of data processing, and to obtain their consent if needed.
Reference: ISACA, Data Privacy Audit/Assurance Program, Control Objective 2: Data Minimization, p. 6
ISACA, GDPR Data Protection Impact Assessments, p. 4-5
ISACA, CCPA vs. GDPR: Similarities and Differences, p. 1-2
Which of the following MUST be available to facilitate a robust data breach management response?
- A . Lessons learned from prior data breach responses
- B . Best practices to obfuscate data for processing and storage
- C . An inventory of previously impacted individuals
- D . An inventory of affected individuals and systems
D
Explanation:
Reference: https://securityscorecard.com/blog/the-ultimate-data-breach-response-plan
To facilitate a robust data breach management response, an organization must have an inventory of affected individuals and systems, as this is what establishes the scope, impact and severity of the breach and drives the actions taken to contain it, mitigate it and notify about it. An inventory of affected individuals and systems should include:
The number and categories of data subjects whose personal data have been compromised
The types and volumes of personal data that have been exposed, altered or deleted
The sources and locations of the personal data, such as databases, servers, devices or third parties
The potential or actual consequences of the breach for the data subjects, such as identity theft, fraud, discrimination or physical harm
The systems and processes that have been compromised or affected by the breach, such as networks, applications, devices or security controls
The vulnerabilities or risks that have been exploited or introduced by the breach, such as malware, phishing, ransomware or human error
Such an inventory lets the organization assess the risk level of the breach and choose the response strategy and actions, such as:
Isolating or shutting down the affected systems or processes
Restoring or recovering the personal data from backups or other sources
Erasing or encrypting the personal data on the compromised devices or media
Analyzing the root cause and impact of the breach
Reporting the breach to the relevant authorities and stakeholders
Notifying the data subjects of their rights and remedies
Implementing corrective and preventive measures to avoid future breaches
Reference: Data Breach Preparation and Response in Accordance With GDPR – ISACA, section 4: “The controller should document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken.”
Cybersecurity Incident Response Exercise Guidance – ISACA, section 3: “The IRT should identify all assets involved in an incident (e.g., hardware, software) and determine what information was compromised (e.g., PII).”
Guide to Securing Personal Data in Electronic Medium, section 3.5: “Organisations should maintain an inventory of personal data in their possession or under their control.”
Which of the following zones within a data lake requires sensitive data to be encrypted or tokenized?
- A . Trusted zone
- B . Clean zone
- C . Raw zone
- D . Temporal zone
C
Explanation:
A raw zone is a zone within a data lake that contains unprocessed or unstructured data that is ingested from various sources without any transformation or validation. A raw zone may contain sensitive data that has not been identified or classified yet, such as personal data. Therefore, sensitive data in a raw zone should be encrypted or tokenized to protect its confidentiality and integrity. Encryption is a process of transforming data into an unreadable form using a secret key or algorithm. Tokenization is a process of replacing sensitive data with non-sensitive substitutes called tokens. Both encryption and tokenization help to prevent unauthorized or unlawful access, use, disclosure, or transfer of sensitive data in a raw zone.
Reference: CDPSE Review Manual (Digital Version), page 169
Which of the following poses the GREATEST privacy risk for client-side application processing?
- A . Failure of a firewall protecting the company network
- B . An employee loading personal information on a company laptop
- C . A remote employee placing communication software on a company server
- D . A distributed denial of service attack (DDoS) on the company network
B
Explanation:
The greatest privacy risk for client-side application processing is an employee loading personal information on a company laptop. Client-side application processing refers to performing data processing operations on the user’s device or browser, rather than on a server or cloud. This can improve performance and user experience, but also pose privacy risks if the user’s device is lost, stolen, hacked, or infected with malware. An employee loading personal information on a company laptop is exposing that information to potential threats on the client-side, such as unauthorized access, use, disclosure, modification, or loss. Therefore, an organization should implement appropriate security measures to protect personal information on client-side devices, such as encryption, authentication, authorization, logging, monitoring, etc.
Reference: CDPSE Review Manual (Digital Version), page 153
Which of the following is the PRIMARY consideration to ensure control of remote access is aligned to the privacy policy?
- A . Access is logged on the virtual private network (VPN).
- B . Multi-factor authentication is enabled.
- C . Active remote access is monitored.
- D . Access is only granted to authorized users.
D
Explanation:
The primary consideration to ensure control of remote access is aligned to the privacy policy is that access is only granted to authorized users. This means that the organization should implement and enforce policies and procedures to identify, authenticate, and authorize users who need to access personal data remotely, such as employees, contractors, or service providers. The organization should also define and communicate the roles and responsibilities of remote users, and the terms and conditions of remote access, such as the purpose, scope, duration, and security measures. By granting access only to authorized users, the organization can protect data privacy by preventing unauthorized or unnecessary access, use, disclosure, or transfer of personal data.
Reference: CDPSE Review Manual (Digital Version), page 107
Which of the following scenarios poses the GREATEST risk to an organization from a privacy perspective?
- A . The organization lacks a hardware disposal policy.
- B . Emails are not consistently encrypted when sent internally.
- C . Privacy training is carried out by a service provider.
- D . The organization’s privacy policy has not been reviewed in over a year.
A
Explanation:
The scenario that poses the greatest risk to an organization from a privacy perspective is that the organization lacks a hardware disposal policy. A hardware disposal policy is a policy that defines how the organization should dispose of or destroy hardware devices that contain or process personal data, such as laptops, servers, hard drives, USBs, etc. A hardware disposal policy should ensure that personal data is securely erased or overwritten before the hardware device is discarded, recycled, donated, or sold. A hardware disposal policy should also comply with the applicable privacy regulations and standards that govern data retention and destruction. By lacking a hardware disposal policy, the organization exposes personal data to potential threats, such as theft, loss, or unauthorized access, use, disclosure, or transfer.
Reference: CDPSE Review Manual (Digital Version), page 123
Within a business continuity plan (BCP), which of the following is the MOST important consideration to ensure the ability to restore availability and access to personal data in the event of a data privacy incident?
- A . Offline backup availability
- B . Recovery time objective (RTO)
- C . Recovery point objective (RPO)
- D . Online backup frequency
C
Explanation:
Reference: https://www.druva.com/blog/understanding-rpo-and-rto/
Recovery point objective (RPO) is the maximum period of data loss an organization can tolerate, expressed as the time between the last valid backup (or replication point) and the incident. A lower RPO means less personal data is lost, which is why it dictates how frequently personal data must be backed up or replicated; how quickly service is restored is a separate measure, the recovery time objective (RTO). RPO is therefore the most important consideration for restoring availability of and access to personal data after a data privacy incident: offline backup availability and online backup frequency are means of meeting the RPO, and RTO governs restoration speed rather than how much data survives.
Reference: IT Disaster Recovery Plan, Ready.gov
Understanding data backup, recovery, and business continuity, Leverage ITC
Business Continuity & Disaster Recovery Planning (BCP & DRP), Imperva
In which of the following should the data record retention period be defined and established?
- A . Data record model
- B . Data recovery procedures
- C . Data quality standard
- D . Data management plan
D
Explanation:
Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2010/an-introduction-to-digital-records-management
A data management plan is a document that describes how data will be collected, stored, processed, shared, and disposed of throughout the data lifecycle. A data management plan should include information such as the purpose and scope of data processing, the data sources and types, the data quality and integrity standards, the data security and privacy measures, the data retention and destruction periods, the data ownership and governance structure, etc. A data management plan should also align with the organization’s privacy policies and applicable privacy regulations and standards. Therefore, a data management plan is where the data record retention period should be defined and established.
Reference: CDPSE Review Manual (Digital Version), page 169
When tokenizing credit card data, what security practice should be employed with the original data before it is stored in a data lake?
- A . Encoding
- B . Backup
- C . Encryption
- D . Classification
C
Explanation:
Reference: https://cpl.thalesgroup.com/faq
Encryption transforms data into an unreadable form under a secret key, so that only parties holding the key can recover the original; with an authenticated mode such as AES-GCM it also protects integrity, since tampered ciphertext fails to decrypt. In a tokenization design the original card number is not written to the data lake at all: it is retained only in a token vault so that tokens can be resolved when a business process genuinely needs the real number, and that vault holds the number encrypted, with the encryption key managed in a separate key-management system rather than beside the vault. Encrypting the original data before storage also supports compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which require data controllers and processors to implement appropriate technical and organizational measures to safeguard personal data, and with PCI DSS, which requires stored cardholder data to be rendered unreadable.
The other options are less effective or irrelevant for securing the original data before storing them in a data lake. Encoding is a process of converting data from one format to another, such as base64 or hexadecimal. Encoding does not protect the data from unauthorized access or use, as it can be easily reversed without a key or algorithm. Backup is a process of creating a copy of data for recovery purposes, such as in case of data loss or corruption. Backup does not protect the data from unauthorized access or use, as it may create additional copies of sensitive data that need to be secured. Classification is a process of assigning labels or categories to data based on their sensitivity, value or risk level, such as public, confidential or restricted. Classification helps to identify and manage the data according to their security requirements, but it does not protect the data from unauthorized access or use by itself.
Reference: Tokenization: Your Secret Weapon for Data Security? – ISACA, section 2: “Encryption is one of the most effective security controls available to enterprises, but it can be challenging to deploy and maintain across a complex enterprise landscape.”
Credit Card Tokenization: What It Is, How It Works – NerdWallet, section 2: “Encrypting personal data automatically before sending them through email, using encryption standards and algorithms that are compliant with data protection laws and regulations.”
Tokenized Credit Card Data: Everything You Need to Know – Koombea, section 3: “The sensitive card data itself is stored on a server with much higher security.”
What is Data Tokenization and Why is it Important? | Immuta, section 2: “Tokenization replaces the original sensitive data with randomly generated, nonsensitive substitute characters as placeholder data.”
Which key stakeholder within an organization should be responsible for approving the outcomes of a privacy impact assessment (PIA)?
- A . Data custodian
- B . Privacy data analyst
- C . Data processor
- D . Data owner
D
Explanation:
Reference: https://ico.org.uk/media/1042196/trilateral-full-report.pdf
The data owner is the key stakeholder within an organization who should be responsible for approving the outcomes of a privacy impact assessment (PIA). A PIA is a systematic process of identifying and evaluating the potential privacy risks and impacts of a data processing activity or system. The data owner is the person who has the authority and accountability for the data processing activity or system, and who determines the purpose and means of the data processing. The data owner should approve the outcomes of a PIA, such as the risk assessment, the risk mitigation plan, and the residual risk level, to ensure that they are consistent with the business objectives and legal obligations of the data processing activity or system.
Reference: CDPSE Review Manual (Digital Version), page 99
Which of the following is the best reason for a health organization to use desktop virtualization to implement stronger access control to systems containing patient records?
- A . Limited functions and capabilities of a secured operating environment
- B . Monitored network activities for unauthorized use
- C . Improved data integrity and reduced effort for privacy audits
- D . Unlimited functionalities and highly secured applications
C
Explanation:
The best reason for a health organization to use desktop virtualization to implement stronger access control to systems containing patient records is that it can improve data integrity and reduce effort for privacy audits. Desktop virtualization is a technology that allows users to access a virtual desktop environment that is hosted on a remote server, rather than on their local device. Desktop virtualization can enhance data privacy by providing stronger access control to systems containing patient records, such as requiring authentication, authorization, encryption, logging, etc. Desktop virtualization can also improve data integrity by ensuring that patient records are stored and processed in a centralized and secure location, rather than on multiple devices that may be vulnerable to loss, theft, damage, or corruption. Desktop virtualization can also reduce effort for privacy audits by simplifying the management and monitoring of data privacy compliance across different devices and locations.
Reference: CDPSE Review Manual (Digital Version), page 153
What is the BEST way for an organization to maintain the effectiveness of its privacy breach incident response plan?
- A . Require security management to validate data privacy security practices.
- B . Involve the privacy office in an organizational review of the incident response plan.
- C . Hire a third party to perform a review of data privacy processes.
- D . Conduct annual data privacy tabletop exercises.
D
Explanation:
The best way for an organization to maintain the effectiveness of its privacy breach incident response plan is to conduct annual data privacy tabletop exercises. A data privacy tabletop exercise is a simulated scenario that tests the organization’s ability to respond to a privacy breach incident, such as a data breach, leak, or misuse. A data privacy tabletop exercise involves key stakeholders, such as the privacy office, the information security team, the legal counsel, the public relations team, etc., who role-play their actions and decisions based on the scenario. A data privacy tabletop exercise helps to evaluate and improve the organization’s privacy breach incident response plan, such as identifying gaps or weaknesses, validating roles and responsibilities, verifying procedures and protocols, assessing communication and coordination, etc.
Reference: CDPSE Review Manual (Digital Version), page 83
Which of the following is MOST important when developing an organizational data privacy program?
- A . Obtaining approval from process owners
- B . Profiling current data use
- C . Following an established privacy framework
- D . Performing an inventory of all data
C
Explanation:
Following an established privacy framework is the most important step when developing an organizational data privacy program because it provides a structured and consistent approach to identify, assess, and manage privacy risks and compliance obligations. A privacy framework can also help to align the privacy program with the organization’s strategic goals, values, and culture, as well as to communicate and demonstrate the privacy program’s effectiveness to internal and external stakeholders. Some examples of established privacy frameworks are the NIST Privacy Framework, the ISO/IEC 27701:2019, and the AICPA Privacy Maturity Model.
Reference: NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management, NIST
ISO/IEC 27701:2019 Security techniques ― Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management ― Requirements and guidelines, ISO
Privacy Maturity Model, AICPA
Which of the following should be considered personal information?
- A . Biometric records
- B . Company address
- C . University affiliation
- D . Age
A
Explanation:
Biometric records are personal information that can be used to identify an individual based on their physical or behavioral characteristics, such as fingerprints, facial recognition, iris scans, voice patterns, etc. Biometric records are considered sensitive personal information that require special protection and consent from the data subject. Biometric records can be used for various purposes, such as authentication, identification, security, etc., but they also pose privacy risks, such as unauthorized access, use, disclosure, or transfer of biometric data.
Reference: CDPSE Review Manual (Digital Version), page 25
Which of the following should an IT privacy practitioner do FIRST following a decision to expand remote working capability to all employees due to a global pandemic?
- A . Evaluate the impact resulting from this change.
- B . Revisit the current remote working policies.
- C . Implement a virtual private network (VPN) tool.
- D . Enforce multi-factor authentication for remote access.
A
Explanation:
The first step for an IT privacy practitioner following a decision to expand remote working capability is to evaluate the impact resulting from this change on the organization’s privacy policies, programs and practices. This will help identify the risks and gaps that need to be addressed, as well as the opportunities for improvement and optimization. The other options are possible actions that may be taken after the impact assessment, depending on the results and recommendations.
Reference: CDPSE Exam Content Outline, Domain 1: Privacy Governance (Governance, Management & Risk Management), Task 1: Identify issues requiring remediation and opportunities for process improvement.
CDPSE Review Manual, Chapter 1: Privacy Governance, Section 1.3: Privacy Impact Assessment (PIA).
When using anonymization techniques to prevent unauthorized access to personal data, which of the following is the MOST important consideration to ensure the data is adequately protected?
- A . The key must be kept separate and distinct from the data it protects.
- B . The data must be protected by multi-factor authentication.
- C . The key must be a combination of alpha and numeric characters.
- D . The data must be stored in locations protected by data loss prevention (DLP) technology.
A
Explanation:
Anonymization removes or modifies personal data so that it can no longer be attributed to a specific data subject. The question treats reversible techniques such as encryption and pseudonymization as part of this family; strictly, data that can be re-identified with a key is pseudonymized rather than anonymized (GDPR Recital 26 treats pseudonymized data as still personal), which is exactly why the handling of the key matters. The most important consideration is therefore that the key must be kept separate and distinct from the data it protects. The key is what reverses the transformation and restores the original personal data, so it must be stored and managed in a secure location, under separate access control, from where the transformed data is stored and processed. Then, even if the transformed data is compromised, the key cannot be obtained from the same breach and used to re-identify the data subjects. The character composition of the key, multi-factor authentication, and data loss prevention (DLP) all help but are secondary: a strong key co-located with the data falls with the data.
Reference: CDPSE Review Manual (Digital Version), page 29
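The two points made in the tokenization question above (what happens to the original card number before anything reaches a data lake) and in the anonymization question just above (the key kept separate from the data it protects) in working Go. This is an added example, not code from the CDPSE material or any ISACA source: KeyStore is a constructed stand-in for a separately administered key-management service, TokenVault is an in-memory stand-in for a token vault, the card number is a constructed Luhn-valid test number rather than a real card, and the token format ("tok_" plus 16 hex characters of a keyed HMAC) is this example’s own choice. EncodeOnly and DecodeOnly are there only to show why base64 encoding is not a control.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

// KeyStore is a constructed stand-in for a separately administered KMS; the vault never holds these keys.
type KeyStore struct {
	dek    []byte // AES-256 data-encryption key protecting stored PANs
	tokKey []byte // HMAC key from which tokens are derived
}

// TokenVault maps token -> nonce||AES-GCM ciphertext; the data lake itself keeps only the token.
type TokenVault struct{ records map[string][]byte }

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing OS CSPRNG is not recoverable here
	}
	return b
}

func NewKeyStore() *KeyStore     { return &KeyStore{dek: randBytes(32), tokKey: randBytes(32)} }
func NewTokenVault() *TokenVault { return &TokenVault{records: map[string][]byte{}} }

// luhnValid rejects malformed card numbers before anything is stored.
func luhnValid(pan string) bool {
	sum := 0
	for i := len(pan) - 1; i >= 0; i-- {
		if pan[i] < '0' || pan[i] > '9' {
			return false
		}
		d := int(pan[i] - '0')
		if (len(pan)-1-i)%2 == 1 { // every second digit from the right is doubled
			d = d*2 - 9*(d/5) // 2d, minus 9 when 2d exceeds 9
		}
		sum += d
	}
	return len(pan) >= 13 && len(pan) <= 19 && sum%10 == 0
}

// gcm builds the AEAD; the constructors fail only on a bad key size, which randBytes(32) rules out.
func (ks *KeyStore) gcm() cipher.AEAD {
	block, err := aes.NewCipher(ks.dek)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

// Tokenize stores the PAN encrypted and returns a deterministic keyed token, so the same card
// always maps to the same token and analytics can still join on it. Without tokKey the token
// reveals nothing about the PAN; without dek the vault record is opaque ciphertext.
func Tokenize(ks *KeyStore, v *TokenVault, pan string) (string, error) {
	if !luhnValid(pan) {
		return "", fmt.Errorf("invalid PAN")
	}
	mac := hmac.New(sha256.New, ks.tokKey)
	mac.Write([]byte(pan))
	token := "tok_" + hex.EncodeToString(mac.Sum(nil)[:8])
	if _, seen := v.records[token]; !seen {
		g := ks.gcm()
		nonce := randBytes(g.NonceSize()) // fresh nonce per record, stored in front of the ciphertext
		v.records[token] = g.Seal(nonce, nonce, []byte(pan), nil)
	}
	return token, nil
}

// Detokenize needs the vault record and the key store together; either alone is useless.
func Detokenize(ks *KeyStore, v *TokenVault, token string) (string, error) {
	blob, ok := v.records[token]
	g := ks.gcm()
	if !ok || len(blob) < g.NonceSize() {
		return "", fmt.Errorf("unknown token")
	}
	plain, err := g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil) // fails on wrong key or tampering
	return string(plain), err
}

// Encoding is not a control: base64 is undone by anyone, with no key involved.
func EncodeOnly(pan string) string { return base64.StdEncoding.EncodeToString([]byte(pan)) }
func DecodeOnly(s string) string  { b, _ := base64.StdEncoding.DecodeString(s); return string(b) }

func main() {
	ks, v := NewKeyStore(), NewTokenVault()
	tok, _ := Tokenize(ks, v, "4111111111111111") // constructed test number, not a real card
	fmt.Println(tok, DecodeOnly(EncodeOnly(tok)))
	fmt.Println(Detokenize(ks, v, tok))
}
```

Value ends up in three separate places: the data lake sees only tokens, the vault holds only AES-GCM ciphertext, and the keys live in the key store. The deterministic token is a keyed pseudonym, not anonymization: anyone holding tokKey and the vault can re-identify the cardholder, which is why the keys must be administered separately from both stores, and why a wrong key, a tampered record, or a base64 "disguise" behave so differently when tested.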
Which party should data subject contact FIRST if they believe their personal information has been collected and used without consent?
- A . Privacy rights advocate
- B . Outside privacy counsel
- C . Data protection authorities
- D . The organization’s chief privacy officer (CPO)
D
Explanation:
The data subject should contact the organization’s chief privacy officer (CPO) first if they believe their personal information has been collected and used without consent. The CPO is the senior executive who is responsible for establishing and maintaining the organization’s privacy vision, strategy, and program. The CPO oversees the development and implementation of privacy policies, procedures, standards, and controls, and ensures that they align with the organization’s business objectives and legal obligations. The CPO also leads the privacy governance structure, such as the privacy steering committee, and coordinates with other stakeholders, such as the data protection authorities, the privacy rights advocates, and the outside privacy counsel, to ensure that privacy is integrated into all aspects of the organization’s operations. The CPO is the primary point of contact for data subjects who have any questions, complaints, or requests regarding their personal information, and who can address their concerns and resolve their issues in a timely and effective manner.
Reference: CDPSE Review Manual (Digital Version), page 21
Which of the following BEST enables an IT privacy practitioner to ensure appropriate protection for personal data collected that is required to provide necessary services?
- A . Understanding the data flows within the organization
- B . Implementing strong access controls on a need-to-know basis
- C . Anonymizing privacy data during collection and recording
- D . Encrypting the data throughout its life cycle
A
Explanation:
Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2010/data-governance-for-privacy-confidentiality-and-compliance-a-holistic-approach
The best way for an IT privacy practitioner to ensure appropriate protection for personal data collected that is required to provide necessary services is to understand the data flows within the organization. Data flows are the paths or processes through which personal data moves within or outside the organization, from the point of collection to the point of disposal. Understanding the data flows helps to identify and analyze the privacy risks and impacts of data processing activities, such as data collection, storage, processing, sharing, and disposal. Understanding the data flows also helps to determine and apply the appropriate measures to protect personal data, such as data minimization, consent, access, rectification, erasure, portability, security, breach notification, etc. Understanding the data flows also helps to comply with the applicable privacy regulations and standards that govern data processing activities.
Reference: CDPSE Review Manual (Digital Version), page 97
Which of the following tracking technologies associated with unsolicited targeted advertisements presents the GREATEST privacy risk?
- A . Online behavioral tracking
- B . Radio frequency identification (RFID)
- C . Website cookies
- D . Beacon-based tracking
A
Explanation:
Online behavioral tracking is a tracking technology associated with unsolicited targeted advertisements that presents the greatest privacy risk. Online behavioral tracking is a technique that collects and analyzes personal data about users’ online activities, preferences, interests, and behaviors across different websites or platforms. Online behavioral tracking is used to create user profiles and deliver personalized or targeted advertisements that match users’ needs or wants. Online behavioral tracking poses a privacy risk because it can invade users’ privacy by collecting sensitive or intimate personal data without their knowledge or consent, such as health conditions, political views, sexual orientation, etc. Online behavioral tracking can also expose users to unwanted or inappropriate advertisements that may influence their decisions or actions.
Reference: CDPSE Review Manual (Digital Version), page 139
Which of the following should an IT privacy practitioner do FIRST before an organization migrates personal data from an on-premise solution to a cloud-hosted solution?
- A . Develop and communicate a data security plan.
- B . Perform a privacy impact assessment (PIA).
- C . Ensure strong encryption is used.
- D . Conduct a security risk assessment.
B
Explanation:
The first thing that an IT privacy practitioner should do before an organization migrates personal data from an on-premise solution to a cloud-hosted solution is to perform a privacy impact assessment (PIA). A PIA is a systematic process of identifying and evaluating the potential privacy risks and impacts of a data processing activity or system. A PIA helps to ensure that privacy is considered and integrated into the design and development of data processing activities or systems, and that privacy risks are mitigated or eliminated. A PIA also helps to determine the appropriate measures to protect personal data in a cloud-hosted solution, such as encryption, pseudonymization, anonymization, access control, audit trail, breach notification, etc. A PIA also helps to comply with the applicable privacy regulations and standards that govern data processing activities in a cloud-hosted solution.
Reference: CDPSE Review Manual (Digital Version), page 99
Which of the following is a PRIMARY consideration to protect against privacy violations when utilizing artificial intelligence (AI) driven business decisions?
- A . De-identifying the data to be analyzed
- B . Verifying the data subjects have consented to the processing
- C . Defining the intended objectives
- D . Ensuring proper data sets are used to train the models
D
Explanation:
The primary consideration to protect against privacy violations when utilizing artificial intelligence (AI) driven business decisions is ensuring proper data sets are used to train the models. AI is a technology that enables machines or systems to perform tasks that normally require human intelligence, such as reasoning, learning, decision making, etc. AI relies on large amounts of data to train its models and algorithms to perform these tasks. However, if the data sets used to train the models are inaccurate, incomplete, biased, or outdated, they can result in privacy violations, such as discrimination, profiling, manipulation, or harm to the data subjects. Therefore, an IT privacy practitioner should ensure that the data sets used to train the models are proper, meaning that they are relevant, representative, reliable, and respectful of the data subjects’ rights and interests.
Reference: CDPSE Review Manual (Digital Version), page 141
To ensure effective management of an organization’s data privacy policy, senior leadership MUST define:
- A . training and testing requirements for employees handling personal data.
- B . roles and responsibilities of the person with oversight.
- C . metrics and outcomes recommended by external agencies.
- D . the scope and responsibilities of the data owner.
B
Explanation:
Senior leadership must define the roles and responsibilities of the person with oversight, who is responsible for ensuring compliance with the data privacy policy and applicable laws and regulations. This person may also be known as the data protection officer, the privacy officer, or the chief privacy officer, depending on the organization and jurisdiction. The person with oversight should have the authority, resources, and independence to perform their duties effectively.
Reference: ISACA, CDPSE Review Manual 2021, Chapter 2: Privacy Governance, Section 2.1: Privacy Governance Framework, p. 35-36.
ISACA, Data Privacy Audit/Assurance Program, Control Objective 1: Data Privacy Governance, p. 4-51
Which of the following BEST ensures data confidentiality across databases?
- A . Logical data model
- B . Data normalization
- C . Data catalog vocabulary
- D . Data anonymization
D
Explanation:
The best way to ensure data confidentiality across databases is data anonymization: removing or transforming personal or sensitive data in a dataset so that it can no longer be linked or attributed to a specific individual or entity. Anonymization protects the privacy and security of the data subjects and supports compliance with applicable data protection laws and regulations. Typical techniques are suppression, generalization, aggregation, perturbation and synthetic data generation. Reversible techniques such as lookup-table masking, tokenization or encryption are pseudonymization, not anonymization: whoever holds the mapping or the key can re-identify the subjects, so the output is still personal data under regimes such as the GDPR. Removing direct identifiers is also not enough on its own; combinations of quasi-identifiers (age, postal code, dates, rare attributes) can single out an individual, so released data should be checked against re-identification by linkage before it is shared across databases.
Reference: CDPSE Review Manual, Chapter 3 – Data Lifecycle, Section 3.3 – Data Anonymization.
CDPSE Certified Data Privacy Solutions Engineer All-in-One Exam Guide, Chapter 3 – Data Lifecycle, Section 3.4 – Data Anonymization.
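The following is an added example, not code from the CDPSE manual: it suppresses the direct identifier, generalizes the two quasi-identifiers and checks the result for k-anonymity, which is the linkage check described above. The records, the 10-year age bands and the 3-digit ZIP prefix are constructed choices for illustration.

```python
"""Added example (not from the CDPSE manual): suppression of direct identifiers,
generalization of quasi-identifiers and a k-anonymity check on constructed data."""
from collections import Counter

# Constructed sample records; the people and values are invented.
RECORDS = [
    {"name": "A. Lee",   "age": 34, "zip": "90210", "diagnosis": "flu"},
    {"name": "B. Khan",  "age": 37, "zip": "90212", "diagnosis": "asthma"},
    {"name": "C. Ortiz", "age": 52, "zip": "10001", "diagnosis": "flu"},
    {"name": "D. Wu",    "age": 58, "zip": "10003", "diagnosis": "diabetes"},
    {"name": "E. Rossi", "age": 31, "zip": "90215", "diagnosis": "flu"},
]
DIRECT_IDENTIFIERS = {"name"}          # suppressed outright
QUASI_IDENTIFIERS = ("age", "zip")     # generalized; their combination can re-identify


def equivalence_class(record):
    """The tuple of quasi-identifier values a record shares with others."""
    return tuple(record[q] for q in QUASI_IDENTIFIERS)


def k_anonymity(records):
    """Smallest number of records sharing one quasi-identifier combination.
    k == 1 means at least one person is uniquely identifiable by (age, zip)."""
    groups = Counter(equivalence_class(r) for r in records)
    return min(groups.values()) if groups else 0


def generalize(record):
    """Drop direct identifiers, coarsen age to a 10-year band and ZIP to a
    3-digit prefix. The diagnosis (the sensitive attribute) is kept for analysis."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    decade = record["age"] // 10 * 10
    out["age"] = f"{decade}-{decade + 9}"
    out["zip"] = record["zip"][:3] + "**"
    return out


def anonymize(records, k_required=2):
    """Generalize every record, then suppress records whose equivalence class
    is still smaller than k_required, so the output satisfies k-anonymity."""
    generalized = [generalize(r) for r in records]
    sizes = Counter(equivalence_class(r) for r in generalized)
    return [r for r in generalized if sizes[equivalence_class(r)] >= k_required]


if __name__ == "__main__":
    print("raw k =", k_anonymity(RECORDS))   # every (age, zip) pair is unique
    released = anonymize(RECORDS, k_required=2)
    print("released k =", k_anonymity(released), released)
```

On the raw records every (age, zip) pair is unique (k = 1), so a linkable public record such as a voter roll would identify each diagnosis. After generalization the five records fall into two classes of sizes 3 and 2; asking for k = 3 suppresses the smaller class entirely, which is the usual trade-off between utility and re-identification risk.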
Which of the following vulnerabilities would have the GREATEST impact on the privacy of information?
- A . Private key exposure
- B . Poor patch management
- C . Lack of password complexity
- D . Out-of-date antivirus signatures
A
Explanation:
The vulnerability with the greatest impact on the privacy of information is private key exposure, because it breaks the cryptographic protection on which confidentiality, integrity and authenticity all rest. In an asymmetric key pair the private key is the secret half: it decrypts data that was encrypted for the matching public key (or derives the session keys that do), and it creates the digital signatures that the public key verifies. An attacker holding the private key can read any data encrypted to it, past as well as future unless the protocol provides forward secrecy, can forge signatures, and can impersonate the key's owner in any protocol that authenticates with that key. The other options are weaknesses that may lead to a compromise; key exposure already is a compromise of every record and session the key protects, and the only remedy is to revoke the key, re-key and re-encrypt.
Reference: CDPSE Review Manual, Chapter 2 – Privacy Architecture, Section 2.3 – Privacy Architecture Implementation.
CDPSE Certified Data Privacy Solutions Engineer All-in-One Exam Guide, Chapter 2 – Privacy Architecture, Section 2.4 – Remote Access.
Which of the following is MOST important to consider when managing changes to the provision of services by a third party that processes personal data?
- A . Changes to current information architecture
- B . Updates to data life cycle policy
- C . Business impact due to the changes
- D . Modifications to data quality standards
C
Explanation:
The most important thing to consider when managing changes to the provision of services by a third party that processes personal data is the business impact due to the changes. Changes to the provision of services by a third party can affect the organization’s ability to meet its business objectives and legal obligations related to data processing activities. For example, changes to the service level agreement (SLA), the scope of services, the security measures, the location of servers, etc., can have implications for the quality, availability, confidentiality, integrity, and compliance of personal data processing. Therefore, an IT privacy practitioner should assess and evaluate the business impact due to the changes, and ensure that they are aligned with the organization’s privacy policies and applicable privacy regulations and standards.
Reference: CDPSE Review Manual (Digital Version), page 41
Which of the following techniques mitigates design flaws in the application development process that may contribute to potential leakage of personal data?
- A . User acceptance testing (UAT)
- B . Patch management
- C . Software hardening
- D . Web application firewall (WAF)
C
Explanation:
Software hardening is a technique that mitigates design flaws in the application development process that may contribute to potential leakage of personal data. Software hardening is a process of modifying or configuring software to make it more secure and resilient against attacks or exploitation. Software hardening can involve various methods, such as removing unnecessary features or functions, disabling debugging or testing modes, applying patches or updates, implementing secure coding practices, etc. Software hardening helps to protect personal data by preventing or reducing the vulnerabilities that can allow unauthorized access, use, disclosure, or transfer of personal data.
Reference: CDPSE Review Manual (Digital Version), page 151
Which of the following is the PRIMARY reason that a single cryptographic key should be used for only one purpose, such as encryption or authentication?
- A . It eliminates cryptographic key collision.
- B . It minimizes the risk if the cryptographic key is compromised.
- C . It is more practical and efficient to use a single cryptographic key.
- D . Each process can only be supported by its own unique key management process.
B
Explanation:
The primary reason a cryptographic key should serve only one purpose is that it minimizes the damage if the key is compromised and keeps the uses from interfering with each other. A key used for encryption protects confidentiality; a key used for authentication (a MAC key or a signing key) protects integrity and origin. If one key does both, an attacker who obtains it through either use can decrypt the personal data and forge authentic-looking messages at once, and an oracle exposed by one use (for example, a tag or signature the system computes over attacker-chosen input) can be turned against the other. Separate keys confine a compromise to one function, can be rotated on independent schedules and can be stored with different access rights. In practice the per-purpose keys are derived from a master secret with a key-derivation function that binds a purpose label into each derived key, rather than being managed as unrelated secrets.
Reference: CDPSE Review Manual (Digital Version), page 107
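The derivation mentioned above, as an added example that is not from the CDPSE manual: HKDF (RFC 5869) with HMAC-SHA-256 implemented on the Python standard library, deriving one encryption key and one authentication key from a single master secret. The `example-app/v1/...` purpose labels and the master secret are constructed for illustration.

```python
"""Added example (not from the CDPSE manual): one key per purpose derived from a
single master secret with HKDF (RFC 5869, HMAC-SHA-256). The encryption key and
the authentication key are distinct, and neither can be computed from the other."""
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes


def hkdf_extract(salt, ikm):
    """PRK = HMAC(salt, IKM); an empty salt is replaced by HashLen zero bytes."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    """OKM = T(1) | T(2) | ... with T(i) = HMAC(PRK, T(i-1) | info | i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_purpose_keys(master_secret, salt=b"", version=b"v1"):
    """Separate keys for separate purposes. The purpose label (and a version for
    rotation) goes into `info`, so each key is an independent one-way output."""
    prk = hkdf_extract(salt, master_secret)
    return {
        "enc": hkdf_expand(prk, b"example-app/" + version + b"/encryption", 32),
        "mac": hkdf_expand(prk, b"example-app/" + version + b"/authentication", 32),
    }


def authenticate(message, keys):
    """Tag a message with the authentication key only."""
    return hmac.new(keys["mac"], message, hashlib.sha256).digest()


def verify(message, tag, keys):
    """Constant-time check against the authentication key only; a tag produced
    with the encryption key (wrong purpose) does not verify."""
    return hmac.compare_digest(authenticate(message, keys), tag)


if __name__ == "__main__":
    keys = derive_purpose_keys(b"master secret from the KMS (constructed)")
    tag = authenticate(b"transfer 100", keys)
    print(verify(b"transfer 100", tag, keys))   # True
```

Leaking `keys["enc"]` gives the attacker nothing about `keys["mac"]`, because both are HMAC outputs of the master; rotating one purpose is a matter of bumping its `version` label. The implementation reproduces RFC 5869 test case 1, which is the check to run before trusting any hand-written KDF.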
During which of the following system lifecycle stages is it BEST to conduct a privacy impact assessment (PIA) on a system that holds personal data?
- A . Functional testing
- B . Development
- C . Production
- D . User acceptance testing (UAT)
B
Explanation:
A PIA is a systematic process to identify and evaluate the potential privacy impacts of a system, project, program or initiative that involves the collection, use, disclosure or retention of personal data. A PIA should be conducted as early as possible in the system lifecycle, preferably during the development stage, to ensure that privacy risks are identified and mitigated before the system is deployed. Conducting a PIA during functional testing, UAT or production stages may be too late to address privacy issues effectively and may result in costly rework or delays (p. 67).
Reference: 1: CDPSE Review Manual (Digital Version)
Which of the following is the PRIMARY reason that organizations need to map the data flows of personal data?
- A . To assess privacy risks
- B . To evaluate effectiveness of data controls
- C . To determine data integration gaps
- D . To comply with regulations
A
Explanation:
Data flow mapping is a technique to document how personal data flows within and outside an organization, including the sources, destinations, formats, purposes and legal bases of the data processing activities. Data flow mapping helps organizations to assess privacy risks, such as data breaches, unauthorized access, misuse or loss of data, and to implement appropriate controls to mitigate those risks. Data flow mapping may also help organizations to evaluate the effectiveness of data controls, determine data integration gaps and comply with regulations, but those are not the primary reasons for data flow mapping (p. 69-70).
Reference: 1: CDPSE Review Manual (Digital Version)
Which of the following is the BEST method to ensure the security of encryption keys when transferring data containing personal information between cloud applications?
- A . Whole disk encryption
- B . Asymmetric encryption
- C . Digital signature
- D . Symmetric encryption
B
Explanation:
Asymmetric encryption uses a key pair: a public key that can be shared with anyone and a private key that the owner keeps secret. Data encrypted with the public key can be decrypted only with the matching private key. It addresses the key-security problem in transfers between cloud applications because no secret ever has to be shared between the parties:
The sender encrypts for the recipient's public key, so only the holder of the matching private key can decrypt. In practice the public key is used to wrap a fresh symmetric data-encryption key and the bulk data is encrypted with that key (hybrid encryption, as in PGP or CMS envelopes), which keeps the performance of symmetric ciphers without ever transmitting the symmetric key in the clear.
Tampering with the ciphertext in transit produces a decryption failure rather than silently corrupted plaintext, provided an authenticated encryption mode is used. Asymmetric encryption on its own does not stop a man-in-the-middle who substitutes their own public key; the recipient's public key must itself be authenticated, for example through a certificate chain or a pinned key fingerprint.
The private key can also produce digital signatures: the sender signs a hash of the data, and the recipient verifies the signature with the sender's public key, which gives authenticity and integrity of both the data and the sender.
The other options are less effective or irrelevant for protecting the keys in a transfer between cloud applications. Whole disk encryption protects all data on a disk or device, such as a laptop or a smartphone, at rest; it does nothing for data in transit over a network or stored by a cloud provider. Symmetric encryption uses one shared key, so that key must first be distributed to the other party over a secure channel and then stored securely by both sides, which is exactly the hard problem in a cloud-to-cloud exchange. Digital signature is not a method of encryption but an application of asymmetric cryptography that adds authenticity and integrity to a transmission.
When using pseudonymization to prevent unauthorized access to personal data, which of the following is the MOST important consideration to ensure the data is adequately protected?
- A . The data must be protected by multi-factor authentication.
- B . The identifier must be kept separate and distinct from the data it protects.
- C . The key must be a combination of alpha and numeric characters.
- D . The data must be stored in locations protected by data loss prevention (DLP) technology.
B
Explanation:
Pseudonymization replaces direct identifiers in a data set with pseudonyms (artificial identifiers) that do not reveal the identity of the data subjects. It reduces the linkability of the data set to the original identities and thus improves privacy and security, but it is reversible: whoever holds the pseudonym-to-identity mapping, or the key used to generate the pseudonyms, can re-establish the identities. The most important consideration is therefore to keep that identifier (the mapping or key) separate and distinct from the data it protects, in a different system with its own access control, and to protect it with additional security measures. Multi-factor authentication and DLP (options A and D) protect the storage location but do not address reversibility, and the character composition of the key (option C) matters far less than its secrecy, length and separation from the data (p. 74-75).
Reference: 1: CDPSE Review Manual (Digital Version)
Which of the following is the BEST way to limit the organization’s potential exposure in the event of consumer data loss while maintaining the traceability of the data?
- A . Encrypt the data at rest.
- B . De-identify the data.
- C . Use a unique hashing algorithm.
- D . Require a digital signature.
B
Explanation:
De-identification removes or modifies direct and indirect identifiers in a data set to prevent or limit identification of the data subjects. It limits the organization's exposure if the data is lost, since the records no longer point to identifiable consumers, while traceability is kept by retaining a reference (for example a pseudonym whose mapping is held separately) or the analytic characteristics of the original data. The other options do not meet both goals. Encryption at rest protects the stored copy but not data read through a compromised application or with the key. Hashing an identifier (option C) is not de-identification: email addresses, phone numbers and national IDs form a small, enumerable input space, so unkeyed hashes are reversed by a dictionary attack; only a keyed hash with the key held separately acts as a pseudonym. A digital signature provides integrity and origin, not confidentiality (p. 75-76).
Reference: 1: CDPSE Review Manual (Digital Version)
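The two previous answers make the same point from two directions: a pseudonym is only as safe as the separation of its key, and an unkeyed hash of an enumerable identifier is no protection at all. The following added example (not from the CDPSE manual) shows both on constructed customer records: the analytics copy carries HMAC pseudonyms, the re-identification table is produced separately for the key holder, and a dictionary attack recovers the unkeyed hash but not the keyed pseudonym. The email addresses and the fixed `PSEUDONYM_KEY` are constructed; in a real deployment the key lives in a vault or HSM, not beside the data.

```python
"""Added example (not from the CDPSE manual): keyed pseudonyms kept apart from
the data they protect, versus unkeyed hashes that a dictionary attack reverses."""
import hashlib
import hmac

# Constructed sample data; the addresses are invented.
CUSTOMERS = [
    {"email": "alice@example.com", "plan": "gold",   "spend": 420},
    {"email": "bob@example.com",   "plan": "silver", "spend": 75},
    {"email": "carol@example.com", "plan": "gold",   "spend": 310},
]
# The pseudonymization key belongs in a separate vault/HSM; fixed here so the
# example is reproducible.
PSEUDONYM_KEY = bytes.fromhex("9f" * 32)


def canonical(identifier):
    """Normalize so that the same person always maps to the same pseudonym."""
    return identifier.strip().lower().encode()


def unkeyed_hash(identifier):
    """What option C amounts to: anyone can recompute it from a guess."""
    return hashlib.sha256(canonical(identifier)).hexdigest()[:16]


def pseudonymize(identifier, key):
    """HMAC-SHA-256 pseudonym: deterministic (so records can still be joined),
    infeasible to reverse or recompute without the key."""
    return hmac.new(key, canonical(identifier), hashlib.sha256).hexdigest()[:16]


def split_dataset(records, key):
    """Return (analytics copy with pseudonyms, re-identification table).
    The two must be stored in separate systems with separate access control."""
    analytics, lookup = [], {}
    for rec in records:
        pid = pseudonymize(rec["email"], key)
        lookup[pid] = rec["email"]
        analytics.append({"pid": pid, **{k: v for k, v in rec.items() if k != "email"}})
    return analytics, lookup


def dictionary_attack(target, candidates, fn):
    """Attacker's view: recompute fn over guessed identifiers until one matches."""
    for guess in candidates:
        if hmac.compare_digest(fn(guess), target):
            return guess
    return None


if __name__ == "__main__":
    analytics, lookup = split_dataset(CUSTOMERS, PSEUDONYM_KEY)
    guesses = ["mallory@example.com", "alice@example.com", "bob@example.com"]
    print(dictionary_attack(unkeyed_hash("alice@example.com"), guesses, unkeyed_hash))
    print(dictionary_attack(analytics[0]["pid"], guesses, unkeyed_hash))
```

The attacker who steals only the analytics copy has the pseudonyms and a list of likely addresses; the unkeyed hash falls to that list immediately, the keyed pseudonym does not. Losing the analytics copy together with `lookup` (or with the key) is a full breach, which is why option B is the controlling consideration.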
Which authentication practice is being used when an organization requires a photo on a government-issued identification card to validate an in-person credit card purchase?
- A . Possession factor authentication
- B . Knowledge-based credential authentication
- C . Multi-factor authentication
- D . Biometric authentication
A
Explanation:
Authentication is a process of verifying the identity of a user or device that requests access to a system or resource. Authentication can be based on one or more factors, such as something the user knows (e.g., password), something the user has (e.g., token), something the user is (e.g., fingerprint) or something the user does (e.g., signature). When an organization requires a photo on a government-issued identification card to validate an in-person credit card purchase, it is using possession factor authentication, which relies on something the user has as proof of identity. The other options are not applicable in this scenario (p. 81).
Reference: 1: CDPSE Review Manual (Digital Version)
Which of the following BEST ensures a mobile application implementation will meet an organization’s data security standards?
- A . User acceptance testing (UAT)
- B . Data classification
- C . Privacy impact assessment (PIA)
- D . Automatic dynamic code scan
D
Explanation:
A mobile application implementation should meet the organization's data security standards by ensuring that the application does not contain any vulnerabilities, errors or malicious code that could compromise the confidentiality, integrity or availability of the data. An automatic dynamic code scan (dynamic application security testing, DAST) exercises the application while it is running and reports the security issues or defects it observes, such as insecure network calls, data written to unprotected storage or sensitive values leaked in logs. Run before release, it helps identify and fix data security risks before the application is deployed; static analysis of the source complements it for issues that do not surface at runtime. The other options are not sufficient to ensure data security standards. UAT verifies that the application meets the user requirements and expectations, but it does not necessarily test for data security. Data classification categorizes data according to its sensitivity and value, but it does not ensure that the application protects the data. A PIA identifies and evaluates the privacy impacts of a system or project that involves personal data, but it does not ensure that the system or project meets data security standards (p. 89-90).
Reference: CDPSE Review Manual (Digital Version)
Which of the following is the PRIMARY benefit of implementing policies and procedures for system hardening?
- A . It increases system resiliency.
- B . It reduces external threats to data.
- C . It reduces exposure of data.
- D . It eliminates attack motivation for data.
A
Explanation:
System hardening is a process of applying security measures and configurations to a system to reduce its attack surface and enhance its resistance to threats. System hardening can include disabling unnecessary services, removing default accounts, applying patches and updates, enforcing strong passwords and encryption, and implementing firewalls and antivirus software. The primary benefit of system hardening is that it increases system resiliency, which is the ability of a system to withstand or recover from adverse events that could affect its functionality or performance. The other options are not the primary benefits of system hardening, although they may be secondary benefits or outcomes. System hardening does not necessarily reduce external threats to data, as threats can originate from various sources and vectors. System hardening may reduce exposure of data, but only if the data is stored or processed by the system. System hardening does not eliminate attack motivation for data, as attackers may have different motives and incentives for targeting data (p. 91-92).
Reference: CDPSE Review Manual (Digital Version)
Which of the following is the MOST important consideration when using advanced data sanitization methods to ensure privacy data will be unrecoverable?
- A . Subject matter expertise
- B . Type of media
- C . Regulatory compliance requirements
- D . Location of data
B
Explanation:
Data sanitization permanently erases or destroys data on a storage device or media so that it cannot be accessed or recovered. Methods include physical destruction, degaussing, overwriting and cryptographic erasure (destroying the key that encrypted the media). The most important consideration when using advanced sanitization methods is the type of media, because each method is effective only for certain media. Degaussing erases magnetic media (hard disk drives and tapes) but has no effect on optical disks or on solid state drives (SSDs) and other flash memory. Overwriting is adequate for hard disk drives, but on SSDs wear levelling and over-provisioned blocks can leave copies of data that the host cannot address, so overwriting alone gives no assurance there; the drive's own secure-erase command or cryptographic erasure is needed. Cryptographic erasure applies to any media that was encrypted from first use, and its assurance depends on every copy of the key being destroyed and on the key never having been backed up. Physical destruction (shredding, disintegration) works for every media type, including SSDs, provided the particle size is small enough for the media. The other options are less important than the media type. Subject matter expertise helps select and apply a method but is not what determines its effectiveness. Regulatory requirements may constrain the choice of method, but several methods usually satisfy them. Location affects the feasibility or cost of a method, not whether it works (p. 93-94).
Reference: CDPSE Review Manual (Digital Version)
An email opt-in form on a website applies to which privacy principle?
- A . Accuracy
- B . Consent
- C . Transparency
- D . Integrity
B
Explanation:
Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/an-ethical-approach-to-data-privacy-protection
Consent is a privacy principle that requires obtaining the permission or agreement of the data subjects before collecting, using, disclosing or transferring their personal data for specific purposes. Consent can be explicit or implicit, depending on the context and nature of the data processing activity and the applicable laws and regulations. An email opt-in form on a website is an example of obtaining explicit consent from the data subjects who voluntarily provide their email address and agree to receive marketing communications from the website owner or operator. The other options are not relevant to an email opt-in form on a website. Accuracy is a privacy principle that requires ensuring that the personal data is correct, complete and up-to-date. Transparency is a privacy principle that requires informing the data subjects about the identity and contact details of the data controller, the purposes and legal bases of the data processing, the rights and choices of the data subjects, and the safeguards and measures to protect the data. Integrity is a privacy principle that requires protecting the personal data from unauthorized or accidental modification, deletion or corruption (p. 97-98).
Reference: CDPSE Review Manual (Digital Version)
Which of the following is MOST likely to present a valid use case for keeping a customer’s personal data after contract termination?
- A . For the purpose of medical research
- B . A forthcoming campaign to win back customers
- C . A required retention period due to regulations
- D . Ease of onboarding when the customer returns
C
Explanation:
Data retention is a process of keeping personal data for a specified period of time for legitimate purposes, such as legal obligations, contractual agreements, business operations or historical records. Data retention should be based on the principle of data minimization, which requires limiting the collection, storage and processing of personal data to what is necessary and relevant for the intended purposes. Data retention should also comply with the principle of storage limitation, which requires deleting or disposing of personal data when it is no longer needed or justified. The most likely valid use case for keeping a customer's personal data after contract termination is a required retention period due to regulations, such as tax laws, financial laws, health laws or consumer protection laws, that mandate the organization to retain certain types of customer data for a certain period of time after the end of the contractual relationship. The other options are not valid use cases for keeping a customer's personal data after contract termination, as they do not meet the criteria of necessity, relevance or justification. For the purpose of medical research, the organization would need to obtain the consent of the customer or have another legal basis for processing their personal data for a different purpose than the original contract. A forthcoming campaign to win back customers or ease of onboarding when the customer returns are not legitimate purposes for retaining customer data after contract termination, as they are not related to the original contract and may violate the customer's privacy rights and preferences (p. 99-100).
Reference: CDPSE Review Manual (Digital Version)
Which of the following is the BEST approach for a local office of a global organization faced with multiple privacy-related compliance requirements?
- A . Focus on developing a risk action plan based on audit reports.
- B . Focus on requirements with the highest organizational impact.
- C . Focus on global compliance before meeting local requirements.
- D . Focus on local standards before meeting global compliance.
B
Explanation:
The best approach for a local office of a global organization faced with multiple privacy-related compliance requirements is to focus on the requirements with the highest organizational impact, because this will help prioritize the most critical and urgent privacy issues and risks that may affect the organization's reputation, operations, or legal obligations. Focusing on the highest impact requirements will also help allocate the resources and efforts more efficiently and effectively, as well as align the local office's privacy practices with the global organization's objectives and strategies.
Reference: CDPSE Exam Content Outline, Domain 1 – Privacy Governance (Governance, Management & Risk Management), Task 3: Participate in the evaluation of privacy policies, programs and policies for their alignment with legal requirements, regulatory requirements and/or industry best practices. CDPSE Review Manual, Chapter 1 – Privacy Governance, Section 1.2 – Privacy Policy.
Which of the following is the MOST important consideration when writing an organization’s privacy policy?
- A . Using a standardized business taxonomy
- B . Aligning statements to organizational practices
- C . Ensuring acknowledgment by the organization’s employees
- D . Including a development plan for personal data handling
B
Explanation:
The most important consideration when writing an organization's privacy policy is to align the statements to the organizational practices, because this will help ensure that the policy is accurate, consistent, and transparent. A privacy policy is a document that explains how the organization collects, uses, discloses, and protects personal data from its customers, employees, partners, and other stakeholders. A privacy policy should reflect the actual data processing activities and privacy measures of the organization, as well as comply with the applicable laws and regulations. A privacy policy that is not aligned with the organizational practices may lead to confusion, mistrust, or legal liability.
Reference: CDPSE Review Manual, Chapter 1 – Privacy Governance, Section 1.2 – Privacy Policy. CDPSE Certified Data Privacy Solutions Engineer All-in-One Exam Guide, Chapter 1 – Privacy Governance, Section 1.2 – Data Privacy Laws and Regulations.
Which of the following BEST supports an organization’s efforts to create and maintain desired privacy protection practices among employees?
- A . Skills training programs
- B . Awareness campaigns
- C . Performance evaluations
- D . Code of conduct principles
B
Explanation:
Awareness campaigns are initiatives that aim to educate and inform employees about the importance of privacy protection, the organization's privacy policies and procedures, the applicable laws and regulations, and the best practices and behaviors to safeguard personal data. Awareness campaigns can support an organization's efforts to create and maintain desired privacy protection practices among employees by raising their awareness, understanding and commitment to privacy, as well as by influencing their attitudes, values and culture. Awareness campaigns can use various methods and channels, such as posters, newsletters, videos, webinars, quizzes, games or events, to deliver consistent and engaging messages to the target audience. The other options are not the best ways to support an organization's efforts to create and maintain desired privacy protection practices among employees. Skills training programs are focused on developing specific technical or functional skills related to privacy, but they may not address the broader aspects of privacy awareness or culture. Performance evaluations are focused on measuring and rewarding individual or team performance based on predefined criteria or objectives, but they may not reflect the actual level of privacy awareness or practice. Code of conduct principles are focused on establishing and enforcing ethical standards and rules of behavior for employees, but they may not be sufficient to create or maintain privacy awareness or practice without effective communication and education (p. 103-104).
Reference: 1: CDPSE Review Manual (Digital Version)
Which of the following hard drive sanitation methods provides an organization with the GREATEST level of assurance that data has been permanently erased?
- A . Degaussing the drive
- B . Factory resetting the drive
- C . Crypto-shredding the drive
- D . Reformatting the drive
A
Explanation:
Reference: https://allgreenrecycling.com/what-is-data-destruction/
Degaussing exposes a magnetic disk or tape to a strong magnetic field that destroys the stored data and, on modern hard drives, the servo tracks as well, so the drive is unusable afterwards and the data is unrecoverable by any means; this is why it gives the greatest assurance among the options for a magnetic hard drive. Its limits should be understood: degaussing has no effect on solid state drives or other flash media, which must be physically destroyed or cryptographically erased instead, and the degausser's field strength must be rated for the drive's coercivity. The other options give less assurance. Factory resetting restores the drive's settings and deletes the user data, but the data itself may remain on the platters and be recoverable with forensic tools. Crypto-shredding (cryptographic erase) destroys the key that encrypted the drive so that the remaining ciphertext is useless; it is fast and works on SSDs, but it covers only data written while encryption was in force and fails if any copy of the key survives or is recovered. Reformatting rewrites the file system structures and leaves most of the data in place, where ordinary recovery tools can read it (p. 93-94).
Reference: 1: CDPSE Review Manual (Digital Version)
Which of the following describes a user’s “right to be forgotten”?
- A . The data is being used to comply with legal obligations or the public interest.
- B . The data is no longer required for the purpose originally collected.
- C . The individual objects despite legitimate grounds for processing.
- D . The individual’s legal residence status has recently changed.
B
Explanation:
The right to be forgotten is a privacy right that allows individuals to request the deletion or removal of their personal data from a data controller's records or systems under certain conditions. One of these conditions is when the data is no longer required for the purpose originally collected, meaning that the data has become obsolete, irrelevant or excessive for fulfilling the initial purpose for which it was obtained or processed by the data controller. The other options are not valid conditions for exercising the right to be forgotten. The data is being used to comply with legal obligations or public interest is an exception that may prevent the data controller from deleting or removing the data upon request, as there may be overriding legitimate grounds for retaining the data for legal compliance or public interest reasons. The individual objects despite legitimate grounds for processing is a condition for exercising the right to object, not the right to be forgotten, which allows individuals to oppose the processing of their personal data based on their particular situation or for direct marketing purposes. The individual's legal residence status has recently changed is not a relevant factor for exercising the right to be forgotten, as it does not affect the necessity or relevance of the data for its original purpose (p. 107-108).
Reference: 1: CDPSE Review Manual (Digital Version)
When choosing data sources to be used within a big data architecture, which of the following data attributes MUST be considered to ensure data is not aggregated?
- A . Accuracy
- B . Granularity
- C . Consistency
- D . Reliability
B
Explanation:
Reference: https://www.techopedia.com/definition/31722/granular-data
Granularity is the level of detail or specificity of the data. Data that is not aggregated is data that has a high level of granularity, meaning it contains more information and can be analyzed in more ways.
Data that is aggregated is data that has a low level of granularity, meaning it has been summarized or combined and has lost some information. Therefore, when choosing data sources to be used within a big data architecture, the granularity of the data must be considered to ensure data is not aggregated.
Reference: Data Visualization Part 4: aggregation and granularity | by Kristi Pelzel | Upskilling | Medium
Data Prep 101: What is an aggregate function and how do you combine aggregated data? – Tableau
Understanding Aggregation and Granularity in Data Analysis with Real World Examples | by Usha Vivek | Medium
Which of the following should be used to address data kept beyond its intended lifespan?
- A . Data minimization
- B . Data anonymization
- C . Data security
- D . Data normalization
A
Explanation:
Reference: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/data-minimisation/
Data minimization is a privacy principle that requires limiting the collection, storage and processing of personal data to what is necessary and relevant for the intended purposes. Data minimization should be used to address data kept beyond its intended lifespan, as it helps to reduce the amount of data that is stored or retained, and to delete or dispose of data that is no longer needed or justified. In practice this is enforced through a retention schedule: each category of personal data gets a retention period tied to its purpose and to any legal obligation to keep it, and records are deleted or anonymized when that period ends, with legal holds as the only override. Data minimization also reduces the privacy risks and costs associated with data storage and retention, such as data breaches, unauthorized access, misuse or loss of data. The other options are not effective ways to address data kept beyond its intended lifespan. Data anonymization removes or modifies all identifiers in a data set to prevent or limit the identification of the data subjects, but it does not address the issue of data retention or deletion. Data security applies technical, administrative and physical measures to protect the confidentiality, integrity and availability of data, but it does not address the issue of data retention or deletion. Data normalization organizes the data in a database to reduce redundancy and improve consistency, but it does not address the issue of data retention or deletion (p. 75-76).
Reference: 1: CDPSE Review Manual (Digital Version)
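As an added illustration (not part of the exam material or the CDPSE Review Manual), the following Python script shows what "data minimization applied to retention" looks like in practice: every stored record carries the purpose it was collected for, each purpose has a documented retention period, and a periodic sweep deletes records whose period has elapsed, flags records whose purpose nobody has justified, and leaves records under legal hold alone. The purposes, retention periods and records are constructed sample values, not taken from any standard.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed retention schedule (example values only):
# purpose -> maximum retention period counted from collection.
RETENTION_SCHEDULE = {
    "order_fulfilment": timedelta(days=365),
    "marketing": timedelta(days=180),
    "fraud_prevention": timedelta(days=730),
}


@dataclass(frozen=True)
class Record:
    record_id: str
    purpose: str
    collected_at: datetime       # timezone-aware UTC
    legal_hold: bool = False     # set while a dispute or investigation requires preservation


def retention_decision(record: Record, now: datetime) -> str:
    """Return 'keep', 'delete' or 'review' for one record.

    - A record under legal hold is never deleted automatically.
    - A record whose purpose has no schedule entry is flagged for review:
      an unknown purpose means nobody has justified keeping it.
    - Otherwise the record is deleted once its retention period has elapsed.
    """
    if record.legal_hold:
        return "keep"
    limit = RETENTION_SCHEDULE.get(record.purpose)
    if limit is None:
        return "review"
    expires_at = record.collected_at + limit
    return "delete" if now >= expires_at else "keep"


def sweep(records, now: datetime) -> dict:
    """Group record ids by the action the retention policy requires."""
    result = {"keep": [], "delete": [], "review": []}
    for r in records:
        result[retention_decision(r, now)].append(r.record_id)
    return result


# Constructed sample data: one record per interesting case.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    Record("r1", "order_fulfilment", NOW - timedelta(days=30)),        # still within period
    Record("r2", "marketing", NOW - timedelta(days=200)),              # expired
    Record("r3", "marketing", NOW - timedelta(days=200), legal_hold=True),  # expired but on hold
    Record("r4", "legacy_export", NOW - timedelta(days=10)),           # purpose not on the schedule
    Record("r5", "fraud_prevention", NOW - timedelta(days=730)),       # expires exactly today
]

if __name__ == "__main__":
    print(sweep(SAMPLE, NOW))
```

The "review" bucket is the minimization check the exam answer is getting at: data without a documented, still-valid purpose is data that should not be there, regardless of how old it is.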
Which of the following would MOST effectively reduce the impact of a successful breach through a remote access solution?
- A . Compartmentalizing resource access
- B . Regular testing of system backups
- C . Monitoring and reviewing remote access logs
- D . Regular physical and remote testing of the incident response plan
A
Explanation:
Compartmentalizing resource access is a security technique that divides a system or network into separate segments or zones with different levels of access and control, based on the sensitivity and value of the data or resources. Compartmentalizing resource access would most effectively reduce the impact of a successful breach through a remote access solution, as it would limit the scope and extent of the breach, and prevent unauthorized access to other segments or zones that contain more critical or sensitive data or resources. The other options are not as effective as compartmentalizing resource access in reducing the impact of a successful breach through a remote access solution. Regular testing of system backups is a security technique that verifies the availability and recoverability of data in case of a system failure or disaster, but it does not prevent or limit unauthorized access to data. Monitoring and reviewing remote access logs is a security technique that records and analyzes the activities and events related to remote access sessions, but it does not prevent or limit unauthorized access to data. Regular physical and remote testing of the incident response plan is a security technique that evaluates and improves the readiness and effectiveness of an organization’s response to security incidents, but it does not prevent or limit unauthorized access to data (1, p. 91-92).
Reference: 1: CDPSE Review Manual (Digital Version)
A multinational corporation is planning a big data initiative to help with critical business decisions.
Which of the following is the BEST way to ensure personal data usage is standardized across the entire organization?
- A . De-identify all data.
- B . Develop a data dictionary.
- C . Encrypt all sensitive data.
- D . Perform data discovery.
B
Explanation:
A data dictionary is a document that defines and describes the data elements, attributes, formats, sources, destinations, purposes and relationships of a data set or system. A data dictionary would be the best way to ensure personal data usage is standardized across the entire organization, as it would provide a common and consistent understanding and reference for how personal data is collected, used, disclosed and transferred within and outside the organization. A data dictionary would also help to ensure compliance with privacy principles, such as accuracy, transparency and accountability. The other options are not as effective as developing a data dictionary in ensuring personal data usage is standardized across the entire organization. De-identifying all data is a technique that removes or modifies direct and indirect identifiers in a data set to prevent or limit the identification of the data subjects, but it does not ensure standardization or consistency of personal data usage across the organization. Encrypting all sensitive data is a technique that transforms plain text data into cipher text using an algorithm and a key, making it unreadable by unauthorized parties, but it does not ensure standardization or consistency of personal data usage across the organization. Performing data discovery is a process of identifying and locating personal data within an organization’s systems, databases, applications or files, but it does not ensure standardization or consistency of personal data usage across the organization (1, p. 69-70).
Reference: 1: CDPSE Review Manual (Digital Version)
An organization’s data destruction guidelines should require hard drives containing personal data to go through which of the following processes prior to being crushed?
- A . Low-level formatting
- B . Remote partitioning
- C . Degaussing
- D . Hammer strike
C
Explanation:
Degaussing is a hard drive sanitation method that uses a powerful magnetic field to erase or destroy the data stored on a magnetic disk or tape. Degaussing should be used to sanitize hard drives containing personal data prior to being crushed, as it provides an additional layer of assurance that data has been permanently erased and cannot be recovered by any means. Degaussing also damages the drive itself, making it unusable for future storage. The other options are not effective or necessary hard drive sanitation methods prior to being crushed. Low-level formatting is a hard drive sanitation method that erases the data and the partition table on the drive, but it may leave some traces of data that can be recovered by forensic tools or software. Remote partitioning is a hard drive sanitation method that creates separate logical sections on the drive, but it does not erase or destroy the data on the drive. Hammer strike is a hard drive sanitation method that physically damages the drive by hitting it with a hammer, but it may not erase or destroy the data completely or prevent data recovery by advanced tools or techniques (1, p. 93-94).
Reference: 1: CDPSE Review Manual (Digital Version)
Which of the following processes BEST enables an organization to maintain the quality of personal data?
- A . Implementing routine automatic validation
- B . Maintaining hashes to detect changes in data
- C . Encrypting personal data at rest
- D . Updating the data quality standard through periodic review
A
Explanation:
The best way to maintain the quality of personal data is to implement routine automatic validation, which is a process of checking the accuracy, completeness, consistency, and timeliness of the data using automated tools or scripts. Routine automatic validation can help identify and correct any errors, anomalies, or discrepancies in the data, as well as ensure that the data meets the specified quality standards and requirements. Routine automatic validation can also help improve the efficiency and reliability of the data processing and analysis (1, 2).
Reference: CDPSE Exam Content Outline, Domain 3 – Data Lifecycle (Data Quality), Task 2: Implement data quality measures (3).
CDPSE Review Manual, Chapter 3 – Data Lifecycle, Section 3.2 – Data Quality (4).
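To make the four quality dimensions named above concrete, here is an added Python example (not from the exam material or the Review Manual) of a routine validation job that checks each customer record for completeness, accuracy, consistency and timeliness and returns the findings per record, so they can be queued for correction. The field names, the postcode/country consistency rule and the one-year timeliness threshold are constructed assumptions, and the sample records are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed rules for this example.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
UK_POSTCODE_RE = re.compile(r"^[A-Z]{1,2}\d[A-Z\d]? ?\d[A-Z]{2}$")
REQUIRED = ("customer_id", "email", "postcode", "country", "updated_at")
MAX_AGE = timedelta(days=365)   # data must have been confirmed within the last year


def validate_record(rec: dict, now: datetime) -> list:
    """Return a list of (dimension, message) findings; an empty list means the record passed."""
    findings = []

    # Completeness: every required field present and non-empty.
    for field in REQUIRED:
        if not rec.get(field):
            findings.append(("completeness", f"missing {field}"))

    # Accuracy: syntactic checks on the values that are present.
    email = rec.get("email")
    if email and not EMAIL_RE.match(email):
        findings.append(("accuracy", "email format invalid"))

    # Consistency: a UK-shaped postcode must go with country GB and vice versa
    # (constructed rule; a real job would use a reference table).
    postcode, country = rec.get("postcode"), rec.get("country")
    if postcode and country:
        looks_uk = bool(UK_POSTCODE_RE.match(postcode))
        if looks_uk != (country == "GB"):
            findings.append(("consistency", "postcode/country mismatch"))

    # Timeliness: the record must have been confirmed within MAX_AGE.
    ts = rec.get("updated_at")
    if ts:
        try:
            updated = datetime.fromisoformat(ts)
        except ValueError:
            findings.append(("accuracy", "updated_at not ISO 8601"))
        else:
            if now - updated > MAX_AGE:
                findings.append(("timeliness", "not confirmed in the last year"))

    return findings


def run_validation(records, now: datetime) -> dict:
    """Map each customer id to its findings so failures can be routed for correction."""
    return {r.get("customer_id", "?"): validate_record(r, now) for r in records}


# Constructed sample input.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"customer_id": "c1", "email": "a@example.com", "postcode": "SW1A 1AA",
     "country": "GB", "updated_at": "2024-03-01T00:00:00+00:00"},      # clean
    {"customer_id": "c2", "email": "not-an-email", "postcode": "SW1A 1AA",
     "country": "FR", "updated_at": "2022-01-01T00:00:00+00:00"},      # three defects
    {"customer_id": "c3", "email": "", "postcode": "75001",
     "country": "FR", "updated_at": "2024-05-01T00:00:00+00:00"},      # incomplete
]

if __name__ == "__main__":
    for cid, issues in run_validation(SAMPLE, NOW).items():
        print(cid, issues or "OK")
```

Run on a schedule, a job like this is the "routine automatic" part of the answer: it does not replace a data quality standard, it enforces one continuously.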
Which of the following is the MOST important consideration when determining retention periods for personal data?
- A . Sectoral best practices for the industry
- B . Notice provided to customers during data collection
- C . Data classification standards
- D . Storage capacity available for retained data
B
Explanation:
The notice provided to customers during data collection is the most important consideration when determining retention periods for personal data, as it reflects the transparency and accountability principles of privacy and the expectations and preferences of the data subjects. The notice should inform the customers about the purposes and legal bases of the data processing, the rights and choices of the customers, and the safeguards and measures to protect the data, including how long the data will be kept and when it will be deleted or disposed of. The notice should also be consistent with the applicable laws and regulations that may prescribe or limit the retention periods for certain types of personal data. The other options are not as important as the notice provided to customers during data collection when determining retention periods for personal data. Sectoral best practices for the industry may provide some guidance or benchmarks for retention periods, but they may not reflect the specific context or needs of the organization or the customers. Data classification standards may help to categorize data according to its sensitivity and value, but they may not indicate how long the data should be retained or deleted. Storage capacity available for retained data may affect the feasibility or cost of retaining data, but it should not determine or override the retention periods based on privacy principles, laws or customer expectations (1, p. 99-100).
Reference: 1: CDPSE Review Manual (Digital Version)
What is the BEST method to protect customers’ personal data that is forwarded to a central system for analysis?
- A . Pseudonymization
- B . Deletion
- C . Encryption
- D . Anonymization
A
Explanation:
Pseudonymization is a technique that replaces direct identifiers in a data set with pseudonyms or artificial identifiers that do not reveal the identity of the data subjects. Pseudonymization is the best method to protect customers’ personal data that is forwarded to a central system for analysis, as it reduces the linkability of the data set with the original identity of the customers and thus enhances the privacy and security of the data. Pseudonymization also preserves some characteristics or patterns of the original data that can be used for analysis or research purposes, without compromising the accuracy or quality of the results. The other options are not as effective as pseudonymization in protecting customers’ personal data that is forwarded to a central system for analysis. Deletion is a technique that removes or destroys data from a storage device or media to prevent unauthorized access or recovery of the data, but it does not allow for any analysis or research purposes. Encryption is a technique that transforms plain text data into cipher text using an algorithm and a key, making it unreadable by unauthorized parties, but it does not reduce the linkability of the data set with the original identity of the customers and may require additional security measures to protect the encryption keys or certificates. Anonymization is a technique that removes or modifies all identifiers in a data set to prevent or limit the identification of the data subjects, but it may affect the accuracy or quality of the analysis or research results, as some characteristics or patterns of the original data may be lost or distorted (1, p. 74-75).
Reference: 1: CDPSE Review Manual (Digital Version)
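The following Python example is added here to show the trade-off the explanation describes; it is not code from the exam material or the Review Manual. Before records leave the source system, direct identifiers are replaced by a keyed HMAC token, so all records of one customer still share the same token (the analysis can count, group and trend per customer) while the central system receives neither the identifiers nor the key. The source keeps the key and a token-to-identity lookup for authorized re-identification, which is exactly what distinguishes pseudonymized data from anonymized data. The field names, the choice of HMAC-SHA256 and the sample records are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple

# Fields treated as direct identifiers in this example (constructed list).
DIRECT_IDENTIFIERS = ("customer_id", "email", "name")


def pseudonym(key: bytes, value: str) -> str:
    """Derive a stable pseudonym for an identifier with a keyed HMAC.

    Keyed (rather than a plain hash) so that the central system cannot rebuild
    the mapping by hashing a list of known customer ids: without the key, the
    token reveals nothing about the input.
    """
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:32]


def pseudonymize(record: dict, key: bytes) -> Tuple[dict, Dict[str, dict]]:
    """Return (record to forward, lookup entry that stays at the source)."""
    forwarded = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    token = pseudonym(key, record["customer_id"])
    forwarded["subject_token"] = token
    lookup = {token: {k: record[k] for k in DIRECT_IDENTIFIERS if k in record}}
    return forwarded, lookup


def prepare_batch(records: List[dict], key: bytes) -> Tuple[List[dict], Dict[str, dict]]:
    """Pseudonymize a batch; the first result goes to the central system, the second does not."""
    forwarded, lookup = [], {}
    for r in records:
        p, entry = pseudonymize(r, key)
        forwarded.append(p)
        lookup.update(entry)
    return forwarded, lookup


def reidentify(token: str, lookup: Dict[str, dict]) -> dict:
    """Authorized re-identification at the source (the only place the lookup exists)."""
    return lookup[token]


# Constructed sample records; "postcode" is left in to show that quasi-identifiers
# survive pseudonymization, which is why this is not anonymization.
SAMPLE = [
    {"customer_id": "C-1001", "email": "ann@example.com", "name": "Ann Example",
     "postcode": "SW1A", "order_total": 42.0},
    {"customer_id": "C-1001", "email": "ann@example.com", "name": "Ann Example",
     "postcode": "SW1A", "order_total": 17.5},
    {"customer_id": "C-2002", "email": "bob@example.com", "name": "Bob Example",
     "postcode": "EC1A", "order_total": 99.0},
]

if __name__ == "__main__":
    key = secrets.token_bytes(32)          # generated and held at the source only
    forwarded, lookup = prepare_batch(SAMPLE, key)
    for rec in forwarded:
        print(rec)                         # no customer_id, email or name
    print(reidentify(forwarded[0]["subject_token"], lookup)["email"])
```

Note that the two records for C-1001 carry the same token, so per-customer analysis still works at the central system, and that a different key produces entirely different tokens, so two sources using separate keys cannot be joined on the token even by accident. Because the postcode and other attributes are still present, the forwarded data remains personal data and must still be protected.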
Which of the following should be done FIRST to address privacy risk when migrating customer relationship management (CRM) data to a new system?
- A . Develop a data migration plan.
- B . Conduct a legitimate interest analysis (LIA).
- C . Perform a privacy impact assessment (PIA).
- D . Obtain consent from data subjects.
C
Explanation:
A privacy impact assessment (PIA) is a systematic process to identify and evaluate the potential privacy impacts of a system, project, program or initiative that involves the collection, use, disclosure or retention of personal data. A PIA should be done first to address privacy risk when migrating customer relationship management (CRM) data to a new system, as it would help to ensure that privacy risks are identified and mitigated before the migration is executed. A PIA would also help to ensure compliance with privacy principles, laws and regulations, and alignment with customer expectations and preferences. The other options are not as important as performing a PIA when addressing privacy risk when migrating CRM data to a new system. Developing a data migration plan is a process of defining and documenting the objectives, scope, approach, methods and steps for transferring data from one system to another, but it does not necessarily address privacy risk or impact. Conducting a legitimate interest analysis (LIA) is a process of assessing whether there is a legitimate interest for processing personal data that outweighs the rights and interests of the data subjects, but it is only applicable in certain jurisdictions and situations where legitimate interest is a valid legal basis for processing. Obtaining consent from data subjects is a process of obtaining their permission or agreement before collecting, using, disclosing or transferring their personal data for specific purposes, but it may not be required or sufficient for migrating CRM data to a new system, depending on the context and nature of the migration and the applicable laws and regulations (1, p. 67).
Reference: 1: CDPSE Review Manual (Digital Version)
Which of the following is the GREATEST obstacle to conducting a privacy impact assessment (PIA)?
- A . Conducting a PIA requires significant funding and resources.
- B . PIAs need to be performed many times in a year.
- C . The organization lacks knowledge of PIA methodology.
- D . The value proposition of a PIA is not understood by management.
D
Explanation:
Management not understanding the value proposition of a PIA is the greatest obstacle to conducting a PIA, as it may result in a lack of support, funding, resources or commitment for the PIA process and outcomes. Management may not appreciate or recognize the benefits of a PIA, such as enhancing privacy protection, reducing privacy risks and costs, increasing customer trust and satisfaction, and complying with privacy laws and regulations. Management may also perceive a PIA as a burden, a delay or a hindrance to the system or project development and delivery. The other options are not as significant obstacles to conducting a PIA as management’s lack of understanding of its value proposition. The need for significant funding and resources is an obstacle to conducting a PIA, but it may be overcome by demonstrating the return on investment or the cost-benefit analysis of a PIA. The need to perform PIAs many times in a year is an obstacle to conducting a PIA, but it may be mitigated by adopting a scalable or modular approach to PIAs that can be tailored to different types or levels of systems or projects. The organization’s lack of knowledge of PIA methodology is an obstacle to conducting a PIA, but it may be resolved by acquiring or developing the necessary skills, tools or guidance for performing PIAs (1, p. 67-68).
Reference: 1: CDPSE Review Manual (Digital Version)
Which of the following is the MOST important consideration to ensure privacy when using big data analytics?
- A . Maintenance of archived data
- B . Disclosure of how the data is analyzed
- C . Transparency about the data being collected
- D . Continuity with business requirements
C
Explanation:
Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/an-ethical-approach-to-data-privacy-protection
The most important consideration to ensure privacy when using big data analytics is C. Transparency about the data being collected.
A comprehensive explanation is:
Big data analytics involves the processing of large and complex data sets to extract valuable insights and patterns that can support decision making, innovation, and optimization. However, big data analytics also poses significant challenges and risks for the privacy of individuals and groups whose data is collected, stored, analyzed, and shared. Therefore, it is essential to adopt appropriate measures and principles to protect the privacy of big data while still enabling its beneficial use. One of the key measures and principles for ensuring privacy when using big data analytics is transparency. Transparency means that the data collectors and processors inform the data subjects (the individuals or groups whose data is involved) about what data is being collected, how it is collected, why it is collected, how it is used, who it is shared with, what are the benefits and risks, and what are the rights and choices of the data subjects. Transparency also means that the data collectors and processors are accountable for their actions and comply with the relevant laws, regulations, standards, and ethical guidelines.
Transparency is important for ensuring privacy when using big data analytics for several reasons. First, transparency respects the dignity and autonomy of the data subjects by acknowledging their interests and preferences regarding their personal data. Second, transparency fosters trust and confidence between the data subjects and the data collectors and processors by providing clear and accurate information and communication. Third, transparency enables informed consent and participation of the data subjects by giving them the opportunity to understand and agree to the data collection and use or to opt out or object if they wish. Fourth, transparency facilitates oversight and governance of the big data practices by allowing external audits, reviews, complaints, and remedies.
Some examples of how transparency can be implemented in big data analytics are:
- Providing clear and concise privacy notices or policies that explain what data is being collected, how it is collected, why it is collected, how it is used, who it is shared with, what are the benefits and risks, and what are the rights and choices of the data subjects.
- Obtaining explicit or implicit consent from the data subjects before collecting or using their data, or providing them with easy ways to opt out or object if they do not consent.
- Implementing privacy by design and by default principles that ensure that privacy is considered and integrated throughout the entire lifecycle of big data analytics, from planning to implementation to evaluation.
- Adopting privacy-enhancing technologies (PETs) that minimize or anonymize the personal data collected or used in big data analytics, or that enable secure encryption, pseudonymization, or aggregation of the data.
- Establishing privacy governance frameworks that define the roles and responsibilities of the different actors involved in big data analytics, such as data owners, collectors, processors, analysts, users, regulators, auditors, etc., and that specify the rules and standards for privacy protection.
- Conducting privacy impact assessments (PIAs) that identify and evaluate the potential privacy risks and benefits of big data analytics projects or initiatives, and that propose measures to mitigate or avoid the risks and enhance or maximize the benefits.
- Providing mechanisms for feedback, consultation, participation, or co-creation of the data subjects in big data analytics projects or initiatives, such as surveys, focus groups, workshops, forums, etc.
- Enabling access, correction, deletion, portability, or restriction of the personal data of the data subjects upon their request or demand.
- Reporting on the outcomes and impacts of big data analytics projects or initiatives to the relevant stakeholders, such as the data subjects, regulators, customers, partners, society at large etc., in a transparent and accountable manner.
Maintenance of archived data (A), disclosure of how the data is analyzed (B), and continuity with business requirements (D) are also important considerations for ensuring privacy when using big data analytics. However, they are not as important as transparency about the data being collected (C). Maintenance of archived data involves ensuring that the personal data stored in backup systems or historical records is protected from unauthorized access, modification or deletion. Disclosure of how the data is analyzed involves explaining the methods, techniques, tools, and algorithms used to process and interpret the personal data. Continuity with business requirements involves aligning the objectives, scope, and outcomes of big data analytics with the expectations, needs, and values of the organization and its stakeholders. These considerations are more related to the technical, procedural, and strategic aspects of ensuring that the personal data is processed in a secure, accurate, and relevant manner, which are necessary but not sufficient conditions for achieving the privacy protection of big data.
Reference: 1: The Big Data World: Benefits, Threats and Ethical Challenges
2: Big Data Privacy: A Technological Perspective And Review
3: Big Data And Privacy What You Need To Know
An organization uses analytics derived from archived transaction data to create individual customer profiles for customizing product and service offerings.
Which of the following is the IT privacy practitioner’s BEST recommendation?
- A . Anonymize personal data.
- B . Discontinue the creation of profiles.
- C . Implement strong access controls.
- D . Encrypt data at rest.
A
Explanation:
Anonymization is a technique that removes or modifies all identifiers in a data set to prevent or limit the identification of the data subjects. Anonymization is the IT privacy practitioner’s best recommendation for an organization that uses analytics derived from archived transaction data to create individual customer profiles for customizing product and service offerings, as it would protect the privacy of the customers by reducing the linkability of the data set with their original identity, and also comply with the data minimization principle that requires limiting the collection, storage and processing of personal data to what is necessary and relevant for the intended purposes. Anonymization would also preserve some characteristics or patterns of the original data that can be used for analysis or customization purposes, without compromising the accuracy or quality of the results. The other options are not as effective as anonymization in this situation. Discontinuing the creation of profiles is not a feasible or desirable option, as it would prevent the organization from achieving its business objectives and providing value to its customers. Implementing strong access controls is a security measure that restricts who can access, view or modify the data, but it does not address the issue of collecting or retaining more personal data than necessary or relevant. Encrypting data at rest is a security measure that transforms plain text data into cipher text using an algorithm and a key, making it unreadable by unauthorized parties, but it does not address the issue of collecting or retaining more personal data than necessary or relevant, and may require additional security measures to protect the encryption keys or certificates (1, p. 75-76).
Reference: 1: CDPSE Review Manual (Digital Version)
When a government’s health division established the complete privacy regulation for only the health market, which privacy protection reference model is being used?
- A . Co-regulatory
- B . Sectoral
- C . Comprehensive
- D . Self-regulatory
B
Explanation:
Sectoral is a privacy protection reference model that refers to a system of laws and regulations that apply to specific sectors or industries within a jurisdiction, such as health, finance, education or telecommunications. Sectoral privacy protection is typically characterized by having different rules and standards for different types of personal data or data processing activities, depending on the sensitivity and value of the data or the impact and risk of the processing. When a government’s health division established the complete privacy regulation for only the health market, it is using a sectoral privacy protection reference model, as it is addressing the specific needs and challenges of the health sector in terms of privacy protection. The other options are not applicable in this scenario. Co-regulatory is a privacy protection reference model that refers to a system of laws and regulations that are supplemented by self-regulation mechanisms, such as codes of conduct, standards or certification schemes, developed by industry associations or professional bodies with oversight from government agencies or regulators. Comprehensive is a privacy protection reference model that refers to a system of laws and regulations that apply to all sectors and industries within a jurisdiction, regardless of the type or nature of personal data or data processing activities. Self-regulatory is a privacy protection reference model that refers to a system of laws and regulations that rely on voluntary compliance by organizations with their own policies and procedures, without any external oversight or enforcement from government agencies or regulators (1, p. 63-64).
Reference: 1: CDPSE Review Manual (Digital Version)
An organization is developing a wellness smartwatch application and is considering what information should be collected from the application users.
Which of the following is the MOST legitimate information to collect for business reasons in this situation?
- A . Height, weight, and activities
- B . Sleep schedule and calorie intake
- C . Education and profession
- D . Race, age, and gender
A
Explanation:
Height, weight, and activities are the most legitimate information to collect for business reasons in this situation, as they are directly related to the purpose and functionality of a wellness smartwatch application that aims to monitor and improve the health and fitness of its users. Collecting height, weight, and activities would also comply with the data minimization principle that requires limiting the collection, storage and processing of personal data to what is necessary and relevant for the intended purposes. The other options are not legitimate information to collect for business reasons in this situation, as they are not related to the purpose and functionality of a wellness smartwatch application and may violate the privacy rights and preferences of its users. Collecting sleep schedule and calorie intake may be useful for some users who want to track their sleep quality and nutrition intake, but they are not essential for a wellness smartwatch application and may require additional consent or justification from the users. Collecting education and profession may be irrelevant for a wellness smartwatch application and may be used for other purposes, such as marketing or profiling, without the consent or knowledge of the users. Collecting race, age, and gender may be sensitive for some users who do not want to disclose their personal characteristics or identity, and may require additional safeguards or measures to protect their privacy (1, p. 75-76).
Reference: 1: CDPSE Review Manual (Digital Version)
Which of the following is the BEST way to distinguish between a privacy risk and compliance risk?
- A . Perform a privacy risk audit.
- B . Conduct a privacy risk assessment.
- C . Validate a privacy risk attestation.
- D . Conduct a privacy risk remediation exercise.
B
Explanation:
A privacy risk assessment is a process of identifying, analyzing and evaluating the privacy risks associated with the collection, use, disclosure or retention of personal data. A privacy risk assessment is the best way to distinguish between a privacy risk and compliance risk, as it would help to determine the likelihood and impact of privacy incidents or breaches that could affect the rights and interests of the data subjects, as well as the legal obligations and responsibilities of the organization. A privacy risk assessment would also help to identify and implement appropriate controls and measures to mitigate or reduce the privacy risks and ensure compliance with privacy principles, laws and regulations. The other options are not as effective as conducting a privacy risk assessment in distinguishing between a privacy risk and compliance risk. Performing a privacy risk audit is a process of verifying and validating the effectiveness and adequacy of the privacy controls and measures implemented by the organization, but it does not necessarily identify or evaluate the privacy risks or compliance risks. Validating a privacy risk attestation is a process of confirming and certifying the accuracy and completeness of the privacy information or statements provided by the organization, but it does not necessarily identify or evaluate the privacy risks or compliance risks. Conducting a privacy risk remediation exercise is a process of implementing corrective actions or improvements to address the identified or reported privacy risks or compliance risks, but it does not necessarily distinguish between them (1, p. 66-67).
Reference: 1: CDPSE Review Manual (Digital Version)
It is MOST important to consider privacy by design principles during which phase of the software development life cycle (SDLC)?
- A . Application design
- B . Requirements definition
- C . Implementation
- D . Testing
B
Explanation:
Requirements definition is a phase of the software development life cycle (SDLC) that involves gathering, analyzing and documenting the functional and non-functional requirements of the software system or application, such as features, performance, security and usability. It is most important to consider privacy by design principles during this phase, as it would help to ensure that privacy is embedded and integrated into the software system or application from the outset, rather than as an afterthought or an add-on. Considering privacy by design principles during requirements definition would also help to avoid costly rework or delays later in the SDLC, as well as to enhance customer trust and satisfaction, and comply with privacy laws and regulations. The other options are not as important as requirements definition in considering privacy by design principles. Application design is a phase of the SDLC that involves creating and specifying the architecture, components, interfaces and data models of the software system or application, based on the requirements defined in the previous phase. Implementation is a phase of the SDLC that involves coding, testing and debugging the software system or application, based on the design specifications created in the previous phase. Testing is a phase of the SDLC that involves verifying and validating that the software system or application meets the requirements and expectations of the users and stakeholders, as well as identifying and fixing any defects or errors (1, p. 88-89).
Reference: 1: CDPSE Review Manual (Digital Version)
Which of the following is a PRIMARY objective of performing a privacy impact assessment (PIA) prior to onboarding a new Software as a Service (SaaS) provider for a customer relationship management (CRM) system?
- A . To identify controls to mitigate data privacy risks
- B . To classify personal data according to the data classification scheme
- C . To assess the risk associated with personal data usage
- D . To determine the service provider’s ability to maintain data protection controls
A
Explanation:
A primary objective of performing a privacy impact assessment (PIA) prior to onboarding a new Software as a Service (SaaS) provider for a customer relationship management (CRM) system is to identify controls to mitigate data privacy risks, such as data breaches, unauthorized access, misuse or loss of data. A PIA would help to evaluate the potential privacy impacts of using a new SaaS provider for CRM data processing activities, such as collecting, storing, analyzing or transferring customer data, and to implement appropriate controls to mitigate those impacts, such as encryption, access control, backup, audit trail or contractual clauses. A PIA would also help to ensure compliance with privacy principles, laws and regulations, and alignment with customer expectations and preferences. The other options are not primary objectives of performing a PIA prior to onboarding a new SaaS provider for CRM data processing activities. Classifying personal data according to the data classification scheme is an activity that may be part of a PIA process, but it is not an objective in itself. Assessing the risk associated with personal data usage is an activity that may be part of a PIA process, but it is not an objective in itself. Determining the service provider’s ability to maintain data protection controls is an activity that may be part of a PIA process, but it is not an objective in itself (1, p. 67).
Reference: 1: CDPSE Review Manual (Digital Version)