Which of the following scenarios poses the GREATEST risk to an organization from a privacy perspective?

Which of the following scenarios poses the GREATEST risk to an organization from a privacy perspective?
A . The organization lacks a hardware disposal policy.
B . Emails are not consistently encrypted when sent internally.
C . Privacy training is carried out by a service provider.
D . The organization’s privacy policy has not been reviewed in over a year.

View Answer

Answer: A

Explanation:

The scenario that poses the greatest risk to an organization from a privacy perspective is that the organization lacks a hardware disposal policy. A hardware disposal policy is a policy that defines how the organization should dispose of or destroy hardware devices that contain or process personal data, such as laptops, servers, hard drives, USBs, etc. A hardware disposal policy should ensure that personal data is securely erased or overwritten before the hardware device is discarded, recycled, donated, or sold. A hardware disposal policy should also comply with the applicable privacy regulations and standards that govern data retention and destruction. By lacking a hardware disposal policy, the organization exposes personal data to potential threats, such as theft, loss, or unauthorized access, use, disclosure, or transfer.

Reference: CDPSE Review Manual (Digital Version), page 123