Which of the following is the IT privacy practitioner’s BEST recommendation?

An organization uses analytics derived from archived transaction data to create individual customer profiles for customizing product and service offerings.

Which of the following is the IT privacy practitioner’s BEST recommendation?
A . Anonymize personal data.
B . Discontinue the creation of profiles.
C . Implement strong access controls.
D . Encrypt data at rest.

Answer: A

Explanation:

Anonymization is a technique that removes or modifies all identifiers in a data set to prevent or limit the identification of the data subjects. Anonymization is the IT privacy practitioner’s best recommendation for an organization that uses analytics derived from archived transaction data to create individual customer profiles for customizing product and service offerings, as it would protect the privacy of the customers by reducing the linkability of the data set with their original identity, and also comply with the data minimization principle that requires limiting the collection, storage and processing of personal data to what is necessary and relevant for the intended purposes. Anonymization would also preserve some characteristics or patterns of the original data that can be used for analysis or customization purposes, without compromising the accuracy or quality of the results. The other options are not as effective as anonymization in this situation. Discontinuing the creation of profiles is not a feasible or desirable option, as it would prevent the organization from achieving its business objectives and providing value to its customers. Implementing strong access controls is a security measure that restricts who can access, view or modify the data, but it does not address the issue of collecting or retaining more personal data than necessary or relevant. Encrypting data at rest is a security measure that transforms plain text data into cipher text using an algorithm and a key, making it unreadable by unauthorized parties, but it does not address the issue of collecting or retaining more personal data than necessary or relevant, and may require additional security measures to protect the encryption keys or certificates1, p. 75-76

Reference: 1: CDPSE Review Manual (Digital Version)

Latest CDPSE Dumps Valid Version with 120 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments