Which of the following is MOST important to consider when managing changes to the provision of services by a third party that processes personal data?

A. Changes to current information architecture

B. Updates to data life cycle policy

C. Business impact due to the changes

D. Modifications to data quality standards

Which of the following is the PRIMARY reason to complete a privacy impact assessment (PIA)?

A. To comply with consumer regulatory requirements

B. To establish privacy breach response procedures

C. To classify personal data

D. To understand privacy risks

How can an organization BEST ensure its vendors are complying with data privacy requirements defined in their contracts?

A. Review self-attestations of compliance provided by vendor management.

B. Obtain independent assessments of the vendors' data management processes.

C. Perform penetration tests of the vendors' data security.

D. Compare contract requirements against vendor deliverables.

Which of the following should be of GREATEST concern when an organization wants to store personal data in the cloud?

A. The organization's potential legal liabilities related to the data

B. The data recovery capabilities of the storage provider

C. The data security policies and practices of the storage provider

D. Any vulnerabilities identified in the cloud system

Which of the following provides the BEST assurance that a potential vendor is able to comply with privacy regulations and the organization's data privacy policy?

A. Including mandatory compliance language in the request for proposal (RFP)

B. Conducting a risk assessment of all candidate vendors

C. Requiring candidate vendors to provide documentation of privacy processes

D. Obtaining self-attestations from all candidate vendors

Which of the following is MOST important to capture in the audit log of an application hosting personal data?

A. Last logins of privileged users

B. Last user who accessed personal data

C. Application error events

D. Server details of the hosting environment

A technology company has just launched a mobile application for tracking health symptoms. This application is built on a mobile device technology stack that allows users to share their location and details of their symptoms. Which of the following is the GREATEST privacy concern with collecting this data via mobile devices?

A. Client-side device ID

B. Data storage requirements

C. Encryption of key data elements

D. Data usage without consent

Which type of data is produced by using a more complex method of analytics to find correlations between data sets and using them to categorize or profile people?

A. Derived data

B. Observed data

C. Inferred data

D. Provided data

Which of the following is the MOST effective remote access model for reducing the likelihood of attacks originating from connecting devices?

A. Remote wide area network (WAN) links

B. Thin client remote desktop protocol (RDP)

C. Site-to-site virtual private network (VPN)

D. Thick client desktop with virtual private network (VPN) connection

Which of the following would BEST enable an organization to account for unstructured data?

A. Data dictionary

B. Data library

C. Data classification

D. Data flow map