Which of the following is the BEST way to address this concern?

Data collected by a third-party vendor and provided back to the organization may not be protected according to the organization’s privacy notice.

Which of the following is the BEST way to address this concern?
A . Review the privacy policy.
B . Obtain independent assurance of current practices.
C . Re-assess the information security requirements.
D . Validate contract compliance.

View Answer

Answer: D

Explanation:

The best way to address the concern that data collected by a third-party vendor and provided back to the organization may not be protected according to the organization’s privacy notice is to validate contract compliance. This means that the organization should verify that the third-party vendor is adhering to the terms and conditions of the contract, which should include clauses on data protection, privacy, and security. The contract should also specify the obligations and responsibilities of both parties regarding data collection, processing, storage, transfer, retention, and disposal. By validating contract compliance, the organization can ensure that the third-party vendor is following the same privacy standards and practices as the organization.

Reference: ISACA, CDPSE Review Manual 2021, Chapter 2: Privacy Governance, Section 2.3: Third-Party Management, p. 51-52.

ISACA, Data Privacy Audit/Assurance Program, Control Objective 8: Third-Party Management, p. 14-151