ISACA CDPSE Certified Data Privacy Solutions Engineer Online Training

Question #71

Which of the following would MOST effectively reduce the impact of a successful breach through a remote access solution?

A . Compartmentalizing resource access
B . Regular testing of system backups
C . Monitoring and reviewing remote access logs
D . Regular physical and remote testing of the incident response plan

Reveal Solution Hide Solution

Question #72

A multinational corporation is planning a big data initiative to help with critical business decisions.

Which of the following is the BEST way to ensure personal data usage is standardized across the entire organization?

A . De-identify all data.
B . Develop a data dictionary.
C . Encrypt all sensitive data.
D . Perform data discovery.

Reveal Solution Hide Solution

Question #73

An organization’s data destruction guidelines should require hard drives containing personal data to go through which of the following processes prior to being crushed?

A . Low-level formatting
B . Remote partitioning
C . Degaussing
D . Hammer strike

Reveal Solution Hide Solution

Question #74

Which of the following processes BEST enables an organization to maintain the quality of personal data?

A . Implementing routine automatic validation
B . Maintaining hashes to detect changes in data
C . Encrypting personal data at rest
D . Updating the data quality standard through periodic review

Reveal Solution Hide Solution

Question #75

Which of the following is the MOST important consideration when determining retention periods for personal data?

A . Sectoral best practices for the industry
B . Notice provided to customers during data collection
C . Data classification standards
D . Storage capacity available for retained data

Reveal Solution Hide Solution

Question #76

What is the BEST method to protect customers’ personal data that is forwarded to a central system for analysis?

A . Pseudonymization
B . Deletion
C . Encryption
D . Anonymization

Reveal Solution Hide Solution

Question #77

Which of the following should be done FIRST to address privacy risk when migrating customer relationship management (CRM) data to a new system?

A . Develop a data migration plan.
B . Conduct a legitimate interest analysis (LIA).
C . Perform a privacy impact assessment (PIA).
D . Obtain consent from data subjects.

Reveal Solution Hide Solution

Question #78

Which of the following is the GREATEST obstacle to conducting a privacy impact assessment (PIA)?

A . Conducting a PIA requires significant funding and resources.
B . PIAs need to be performed many times in a year.
C . The organization lacks knowledge of PIA methodology.
D . The value proposition of a PIA is not understood by management.

Reveal Solution Hide Solution

Question #79

Which of the following is the MOST important consideration to ensure privacy when using big data analytics?

A . Maintenance of archived data
B . Disclosure of how the data is analyzed
C . Transparency about the data being collected
D . Continuity with business requirements

Reveal Solution Hide Solution

Correct Answer: C
C

Explanation:

Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/an-ethical-approach-to-data-privacy-protection

The most important consideration to ensure privacy when using big data analytics is C. Transparency

about the data being collected.

A comprehensive explanation is:

Big data analytics involves the processing of large and complex data sets to extract valuable insights and patterns that can support decision making, innovation, and optimization. However, big data analytics also poses significant challenges and risks for the privacy of individuals and groups whose data is collected, stored, analyzed, and shared. Therefore, it is essential to adopt appropriate measures and principles to protect the privacy of big data while still enabling its beneficial use. One of the key measures and principles for ensuring privacy when using big data analytics is transparency. Transparency means that the data collectors and processors inform the data subjects (the individuals or groups whose data is involved) about what data is being collected, how it is collected, why it is collected, how it is used, who it is shared with, what are the benefits and risks, and what are the rights and choices of the data subjects. Transparency also means that the data collectors and processors are accountable for their actions and comply with the relevant laws, regulations, standards, and ethical guidelines.

Transparency is important for ensuring privacy when using big data analytics for several reasons. First, transparency respects the dignity and autonomy of the data subjects by acknowledging their interests and preferences regarding their personal data. Second, transparency fosters trust and confidence between the data subjects and the data collectors and processors by providing clear and accurate information and communication. Third, transparency enables informed consent and participation of the data subjects by giving them the opportunity to understand and agree to the data collection and use or to opt out or object if they wish. Fourth, transparency facilitates oversight and governance of the big data practices by allowing external audits, reviews, complaints, and remedies.

Some examples of how transparency can be implemented in big data analytics are:

Providing clear and concise privacy notices or policies that explain what data is being collected, how it is collected, why it is collected, how it is used, who it is shared with, what are the benefits and risks, and what are the rights and choices of the data subjects.

Obtaining explicit or implicit consent from the data subjects before collecting or using their data, or providing them with easy ways to opt out or object if they do not consent.

Implementing privacy by design and by default principles that ensure that privacy is considered and integrated throughout the entire lifecycle of big data analytics, from planning to implementation to evaluation.

Adopting privacy-enhancing technologies (PETs) that minimize or anonymize the personal data collected or used in big data analytics, or that enable secure encryption, pseudonymization, or aggregation of the data.

Establishing privacy governance frameworks that define the roles and responsibilities of the different actors involved in big data analytics, such as data owners, collectors, processors, analysts, users, regulators, auditors, etc., and that specify the rules and standards for privacy protection.

Conducting privacy impact assessments (PIAs) that identify and evaluate the potential privacy risks and benefits of big data analytics projects or initiatives, and that propose measures to mitigate or avoid the risks and enhance or maximize the benefits.

Providing mechanisms for feedback, consultation, participation, or co-creation of the data subjects in

big data analytics projects or initiatives, such as surveys, focus groups, workshops, forums, etc. Enabling access, correction, deletion, portability, or restriction of the personal data of the data subjects upon their request or demand.

Reporting on the outcomes and impacts of big data analytics projects or initiatives to the relevant stakeholders, such as the data subjects, regulators, customers, partners, society at large etc., in a transparent and accountable manner.

Maintenance of archived data (A), disclosure of how the data is analyzed (B), and continuity with

business requirements (D) are also important considerations for ensuring privacy when using big

data analytics. However they are not as important as transparency about the data being collected ©.

Maintenance of archived data involves ensuring that the personal data stored in backup systems or

historical records is protected from unauthorized access, modification or deletion. Disclosure of how

the data is analyzed involves explaining the methods, techniques, tools, and algorithms used to

process and interpret the personal data. Continuity with business requirements involves aligning the

objectives, scope, and outcomes of big data analytics with the expectations, needs, and values of the

organization and its stakeholders. These considerations are more related to the technical, procedural,

and strategic aspects of ensuring that the personal data is processed in a secure, accurate, and

relevant manner, which are necessary but not sufficient conditions for achieving the privacy

protection of big data.

Reference: The Big Data World: Benefits, Threats and Ethical Challenges1

Big Data Privacy: A Technological Perspective And Review2 Big Data And Privacy What You Need To Know3

Question #80

An organization uses analytics derived from archived transaction data to create individual customer profiles for customizing product and service offerings.

Which of the following is the IT privacy practitioner’s BEST recommendation?

A . Anonymize personal data.
B . Discontinue the creation of profiles.
C . Implement strong access controls.
D . Encrypt data at rest.

Reveal Solution Hide Solution