Which of the following BEST enables an IT privacy practitioner to ensure appropriate protection for personal data collected that is required to provide necessary services?

Which of the following BEST enables an IT privacy practitioner to ensure appropriate protection for personal data collected that is required to provide necessary services?
A . Understanding the data flows within the organization
B . Implementing strong access controls on a need-to-know basis
C . Anonymizing privacy data during collection and recording
D . Encrypting the data throughout its life cycle

View Answer

Answer: A

Explanation:

Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2010/data-governance-for-privacy-confidentiality-and-compliance-a-holistic-approach

The best way for an IT privacy practitioner to ensure appropriate protection for personal data collected that is required to provide necessary services is to understand the data flows within the organization. Data flows are the paths or processes through which personal data moves within or outside the organization, from the point of collection to the point of disposal. Understanding the data flows helps to identify and analyze the privacy risks and impacts of data processing activities, such as data collection, storage, processing, sharing, and disposal. Understanding the data flows also helps to determine and apply the appropriate measures to protect personal data, such as data minimization, consent, access, rectification, erasure, portability, security, breach notification, etc. Understanding the data flows also helps to comply with the applicable privacy regulations and standards that govern data processing activities.

Reference: CDPSE Review Manual (Digital Version), page 97