What is most critical when outsourcing data destruction service?
D
Which of the following best supports implementing controls to bring privacy policies into effect?
A
A minimum requirement for carrying out a Data Protection Impact Assessment (DPIA) would
include?
C
Your company wants to convert paper records that contain customer personal information into
electronic form, upload the records into a new third-party marketing tool and then merge the
customer personal information in the marketing tool with information from other applications.
As the Privacy Officer, which of the following should you complete to effectively make these
changes?
B
When devising effective employee policies to address a particular issue, which of the following
should be included in the first draft?
B
Which of the following actions is NOT required during a data privacy diligence process for Merger &
Acquisition (M&A) deals?
D
When building a data privacy program, what is a good starting point to understand the scope of
privacy program needs?
C
When supporting the business and data privacy program expanding into a new jurisdiction, it is
important to do all of the following EXCEPT?
D
Which of the following is NOT an important factor to consider when developing a data retention
policy?
A
Which of the following helps build trust with customers and stakeholders?
C
Which of the following is the optimum first step to take when creating a Privacy Officer governance
model?
C
Which of the documents below assists the Privacy Manager in identifying and responding to a
request from an individual about what personal information the organization holds about then with
whom the information is shared?
C
SCENARIO
Please use the following to answer the next QUESTION:
Penny has recently joined Ace Space, a company that sells homeware accessories online, as its new
privacy officer. The company is based in California but thanks to some great publicity from a social
media influencer last year, the company has received an influx of sales from the EU and has set up a
regional office in Ireland to support this expansion. To become familiar with Ace Spaces practices
and assess what her privacy priorities will be, Penny has set up meetings with a number of
colleagues to hear about the work that they have been doing and their compliance efforts.
Pennys colleague in Marketing is excited by the new sales and the companys plans, but is also
concerned that Penny may curtail some of the growth opportunities he has planned. He tells her I
heard someone in the breakroom talking about some new privacy laws but I really dont think it
affects us. Were just a small company. I mean we just sell accessories online, so whats the real
risk? He has also told her that he works with a number of small companies that help him get
projects completed in a hurry. Weve got to meet our deadlines otherwise we lose money. I just sign
the contracts and get Jim in finance to push through the payment. Reviewing the contracts takes
time that we just dont have.
In her meeting with a member of the IT team, Penny has learned that although Ace Space has taken
a number of precautions to protect its website from malicious activity, it has not taken the same level
of care of its physical files or internal infrastructure. Pennys colleague in IT has told her that a former
employee lost an encrypted USB key with financial data on it when he left. The company nearly lost
access to their customer database last year after they fell victim to a phishing attack. Penny is told by
her IT colleague that the IT team didnt know what to do or who should do what. We hadnt been
trained on it but were a small team though, so it worked out OK in the end. Penny is concerned that
these issues will compromise Ace Spaces privacy and data protection.
Penny is aware that the company has solid plans to grow its international sales and will be working
closely with the CEO to give the organization a data shake up. Her mission is to cultivate a strong
privacy culture within the company.
Penny has a meeting with Ace Spaces CEO today and has been asked to give her first impressions
and an overview of her next steps.
What information will be LEAST crucial from a privacy perspective in Pennys review of vendor
contracts?
C
SCENARIO
Please use the following to answer the next QUESTION:
Penny has recently joined Ace Space, a company that sells homeware accessories online, as its new
privacy officer. The company is based in California but thanks to some great publicity from a social
media influencer last year, the company has received an influx of sales from the EU and has set up a
regional office in Ireland to support this expansion. To become familiar with Ace Spaces practices
and assess what her privacy priorities will be, Penny has set up meetings with a number of
colleagues to hear about the work that they have been doing and their compliance efforts.
Pennys colleague in Marketing is excited by the new sales and the companys plans, but is also
concerned that Penny may curtail some of the growth opportunities he has planned. He tells her I
heard someone in the breakroom talking about some new privacy laws but I really dont think it
affects us. Were just a small company. I mean we just sell accessories online, so whats the real
risk? He has also told her that he works with a number of small companies that help him get
projects completed in a hurry. Weve got to meet our deadlines otherwise we lose money. I just sign
the contracts and get Jim in finance to push through the payment. Reviewing the contracts takes
time that we just dont have.
In her meeting with a member of the IT team, Penny has learned that although Ace Space has taken
a number of precautions to protect its website from malicious activity, it has not taken the same level
of care of its physical files or internal infrastructure. Pennys colleague in IT has told her that a former
employee lost an encrypted USB key with financial data on it when he left. The company nearly lost
access to their customer database last year after they fell victim to a phishing attack. Penny is told by
her IT colleague that the IT team didnt know what to do or who should do what. We hadnt been
trained on it but were a small team though, so it worked out OK in the end. Penny is concerned that
these issues will compromise Ace Spaces privacy and data protection.
Penny is aware that the company has solid plans to grow its international sales and will be working
closely with the CEO to give the organization a data shake up. Her mission is to cultivate a strong
privacy culture within the company.
Penny has a meeting with Ace Spaces CEO today and has been asked to give her first impressions
and an overview of her next steps.
What is the best way for Penny to understand the location, classification and processing purpose of
the personal data Ace Space has?
B
SCENARIO
Please use the following to answer the next QUESTION:
Penny has recently joined Ace Space, a company that sells homeware accessories online, as its new
privacy officer. The company is based in California but thanks to some great publicity from a social
media influencer last year, the company has received an influx of sales from the EU and has set up a
regional office in Ireland to support this expansion. To become familiar with Ace Spaces practices
and assess what her privacy priorities will be, Penny has set up meetings with a number of
colleagues to hear about the work that they have been doing and their compliance efforts.
Pennys colleague in Marketing is excited by the new sales and the companys plans, but is also
concerned that Penny may curtail some of the growth opportunities he has planned. He tells her I
heard someone in the breakroom talking about some new privacy laws but I really dont think it
affects us. Were just a small company. I mean we just sell accessories online, so whats the real
risk? He has also told her that he works with a number of small companies that help him get
projects completed in a hurry. Weve got to meet our deadlines otherwise we lose money. I just sign
the contracts and get Jim in finance to push through the payment. Reviewing the contracts takes
time that we just dont have.
In her meeting with a member of the IT team, Penny has learned that although Ace Space has taken
a number of precautions to protect its website from malicious activity, it has not taken the same level
of care of its physical files or internal infrastructure. Pennys colleague in IT has told her that a former
employee lost an encrypted USB key with financial data on it when he left. The company nearly lost
access to their customer database last year after they fell victim to a phishing attack. Penny is told by
her IT colleague that the IT team didnt know what to do or who should do what. We hadnt been
trained on it but were a small team though, so
it worked out OK in the end. Penny is concerned that these issues will compromise Ace Spaces
privacy and data protection.
Penny is aware that the company has solid plans to grow its international sales and will be working
closely with the CEO to give the organization a data shake up. Her mission is to cultivate a strong
privacy culture within the company.
Penny has a meeting with Ace Spaces CEO today and has been asked to give her first impressions
and an overview of her next steps.
To establish the current baseline of Ace Spaces privacy maturity, Penny should consider all of the
following factors EXCEPT?
A