Which of the following is MOST important when developing an organizational data privacy program?

Which of the following is MOST important when developing an organizational data privacy program?
A . Obtaining approval from process owners
B . Profiling current data use
C . Following an established privacy framework
D . Performing an inventory of all data

View Answer

Answer: C

Explanation:

Following an established privacy framework is the most important step when developing an organizational data privacy program because it provides a structured and consistent approach to identify, assess, and manage privacy risks and compliance obligations. A privacy framework can also help to align the privacy program with the organization’s strategic goals, values, and culture, as well as to communicate and demonstrate the privacy program’s effectiveness to internal and external stakeholders. Some examples of established privacy frameworks are the NIST Privacy Framework, the ISO/IEC 27701:2019, and the AICPA Privacy Maturity Model.

Reference: NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management, NIST ISO/IEC 27701:2019 Security techniques ― Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management ― Requirements and guidelines, ISO Privacy Maturity Model, AICPA