SCENARIO
Please use the following to answer the next QUESTIO N:
Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner,
Anton, has found some degree of disorganization after touring the company headquarters. His uncle
Henry had always focused on production – not data processing – and Anton is concerned. In several
storage rooms, he has found paper files, disks, and old computers that appear to contain the
personal data of current and former employees and customers. Anton knows that a single break-in
could irrevocably damage the company's relationship with its loyal customers. He intends to set a
goal of guaranteed zero loss of personal information.
To this end, Anton originally planned to place restrictions on who was admitted to the physical
premises of the company. However, Kenneth – his uncle's vice president and longtime confidante –
wants to hold off on Anton's idea in favor of converting any paper records held at the company to
electronic storage. Kenneth believes this process would only take one or two years. Anton likes this
idea; he envisions a password- protected system that only he and Kenneth can access.
Anton also plans to divest the company of most of its subsidiaries. Not only will this make his job
easier, but it will simplify the management of the stored dat
a. The heads of subsidiaries like the art gallery and kitchenware store down the street will be
responsible for their own information management. Then, any unneeded subsidiary data still in
Anton's possession can be destroyed within the next few years.
After learning of a recent security incident, Anton realizes that another crucial step will be notifying
customers. Kenneth insists that two lost hard drives in Question are not cause for concern; all of the
data was encrypted and not sensitive in nature. Anton does not want to take any chances, however.
He intends on sending notice letters to all employees and customers to be safe.
Anton must also check for compliance with all legislative, regulatory, and market requirements
related to privacy protection. Kenneth oversaw the development of the company's online presence
about ten years ago, but Anton is not confident about his understanding of recent online marketing
laws. Anton is assigning another trusted employee with a law background the task of the compliance
assessment. After a thorough analysis, Anton knows the company should be safe for another five
years, at which time he can order another check.
Documentation of this analysis will show auditors due diligence.
Anton has started down a long road toward improved management of the company, but he knows
the effort is worth it. Anton wants his uncle's legacy to continue for many years to come.
To improve the facility's system of data security, Anton should consider following through with the
plan for which of the following?
D
SCENARIO
Please use the following to answer the next QUESTIO N:
Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner,
Anton, has found some degree of disorganization after touring the company headquarters. His uncle
Henry had always focused on production – not data processing – and Anton is concerned. In several
storage rooms, he has found paper files, disks, and old computers that appear to contain the
personal data of current and former employees and customers. Anton knows that a single break-in
could irrevocably damage the company's relationship with its loyal customers. He intends to set a
goal of guaranteed zero loss of personal information.
To this end, Anton originally planned to place restrictions on who was admitted to the physical
premises of the company. However, Kenneth – his uncle's vice president and longtime confidante –
wants to hold off on Anton's idea in favor of converting any paper records held at the company to
electronic storage. Kenneth believes this process would only take one or two years. Anton likes this
idea; he envisions a password- protected system that only he and Kenneth can access.
Anton also plans to divest the company of most of its subsidiaries. Not only will this make his job
easier, but it will simplify the management of the stored dat
a. The heads of subsidiaries like the art gallery and kitchenware store down the street will be
responsible for their own information management. Then, any unneeded subsidiary data still in
Anton's possession can be destroyed within the next few years.
After learning of a recent security incident, Anton realizes that another crucial step will be notifying
customers. Kenneth insists that two lost hard drives in Question are not cause for concern; all of the
data was encrypted and not sensitive in nature. Anton does not want to take any chances, however.
He intends on sending notice letters to all employees and customers to be safe.
Anton must also check for compliance with all legislative, regulatory, and market requirements
related to privacy protection. Kenneth oversaw the development of the company's online presence
about ten years ago, but Anton is not confident about his understanding of recent online marketing
laws. Anton is assigning another trusted employee with a law background the task of the compliance
assessment. After a thorough analysis, Anton knows the company should be safe for another five
years, at which time he can order another check.
Documentation of this analysis will show auditors due diligence.
Anton has started down a long road toward improved management of the company, but he knows
the effort is worth it. Anton wants his uncle's legacy to continue for many years to come.
Which of Anton's plans for improving the data management of the company is most unachievable?
C
SCENARIO
Please use the following to answer the next QUESTIO N:
Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner,
Anton, has found some degree of disorganization after touring the company headquarters. His uncle
Henry had always focused on production – not data processing – and Anton is concerned. In several
storage rooms, he has found paper files, disks, and old computers that appear to contain the
personal data of current and former employees and customers. Anton knows that a single break-in
could irrevocably damage the company's
relationship with its loyal customers. He intends to set a goal of guaranteed zero loss of personal
information.
To this end, Anton originally planned to place restrictions on who was admitted to the physical
premises of the company. However, Kenneth – his uncle's vice president and longtime confidante –
wants to hold off on Anton's idea in favor of converting any paper records held at the company to
electronic storage. Kenneth believes this process would only take one or two years. Anton likes this
idea; he envisions a password- protected system that only he and Kenneth can access.
Anton also plans to divest the company of most of its subsidiaries. Not only will this make his job
easier, but it will simplify the management of the stored dat
a. The heads of subsidiaries like the art gallery and kitchenware store down the street will be
responsible for their own information management. Then, any unneeded subsidiary data still in
Anton's possession can be destroyed within the next few years.
After learning of a recent security incident, Anton realizes that another crucial step will be notifying
customers. Kenneth insists that two lost hard drives in Question are not cause for concern; all of the
data was encrypted and not sensitive in nature. Anton does not want to take any chances, however.
He intends on sending notice letters to all employees and customers to be safe.
Anton must also check for compliance with all legislative, regulatory, and market requirements
related to privacy protection. Kenneth oversaw the development of the company's online presence
about ten years ago, but Anton is not confident about his understanding of recent online marketing
laws. Anton is assigning another trusted employee with a law background the task of the compliance
assessment. After a thorough analysis, Anton knows the company should be safe for another five
years, at which time he can order another check.
Documentation of this analysis will show auditors due diligence.
Anton has started down a long road toward improved management of the company, but he knows
the effort is worth it. Anton wants his uncle's legacy to continue for many years to come.
Which important principle of Data Lifecycle Management (DLM) will most likely be compromised if
Anton executes his plan to limit data access to himself and Kenneth?
A
SCENARIO
Please use the following to answer the next QUESTIO N:
Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner,
Anton, has found some degree of disorganization after touring the company headquarters. His uncle
Henry had always focused on production – not data processing – and Anton is concerned. In several
storage rooms, he has found paper files, disks, and old computers that appear to contain the
personal data of current and former employees and customers. Anton knows that a single break-in
could irrevocably damage the company's relationship with its loyal customers. He intends to set a
goal of guaranteed zero loss of personal information.
To this end, Anton originally planned to place restrictions on who was admitted to the physical
premises of the company. However, Kenneth – his uncle's vice president and longtime confidante –
wants to hold off on Anton's idea in favor of converting any paper records held at the company to
electronic storage. Kenneth
believes this process would only take one or two years. Anton likes this idea; he envisions a
password- protected system that only he and Kenneth can access.
Anton also plans to divest the company of most of its subsidiaries. Not only will this make his job
easier, but it will simplify the management of the stored dat
a. The heads of subsidiaries like the art gallery and kitchenware store down the street will be
responsible for their own information management. Then, any unneeded subsidiary data still in
Anton's possession can be destroyed within the next few years.
After learning of a recent security incident, Anton realizes that another crucial step will be notifying
customers. Kenneth insists that two lost hard drives in Question are not cause for concern; all of the
data was encrypted and not sensitive in nature. Anton does not want to take any chances, however.
He intends on sending notice letters to all employees and customers to be safe.
Anton must also check for compliance with all legislative, regulatory, and market requirements
related to privacy protection. Kenneth oversaw the development of the company's online presence
about ten years ago, but Anton is not confident about his understanding of recent online marketing
laws. Anton is assigning another trusted employee with a law background the task of the compliance
assessment. After a thorough analysis, Anton knows the company should be safe for another five
years, at which time he can order another check.
Documentation of this analysis will show auditors due diligence.
Anton has started down a long road toward improved management of the company, but he knows
the effort is worth it. Anton wants his uncle's legacy to continue for many years to come.
In terms of compliance with regulatory and legislative changes, Anton has a misconception
regarding?
A
SCENARIO
Please use the following to answer the next QUESTIO N:
Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner,
Anton, has found some degree of disorganization after touring the company headquarters. His uncle
Henry had always focused on production – not data processing – and Anton is concerned. In several
storage rooms, he has found paper files, disks, and old computers that appear to contain the
personal data of current and former employees and customers. Anton knows that a single break-in
could irrevocably damage the company's relationship with its loyal customers. He intends to set a
goal of guaranteed zero loss of personal information.
To this end, Anton originally planned to place restrictions on who was admitted to the physical
premises of the company. However, Kenneth – his uncle's vice president and longtime confidante –
wants to hold off on Anton's idea in favor of converting any paper records held at the company to
electronic storage. Kenneth believes this process would only take one or two years. Anton likes this
idea; he envisions a password- protected system that only he and Kenneth can access.
Anton also plans to divest the company of most of its subsidiaries. Not only will this make his job
easier, but it will simplify the management of the stored dat
a. The heads of subsidiaries like the art gallery and kitchenware store down the street will be
responsible for their own information management. Then, any unneeded
subsidiary data still in Anton's possession can be destroyed within the next few years.
After learning of a recent security incident, Anton realizes that another crucial step will be notifying
customers. Kenneth insists that two lost hard drives in Question are not cause for concern; all of the
data was encrypted and not sensitive in nature. Anton does not want to take any chances, however.
He intends on sending notice letters to all employees and customers to be safe.
Anton must also check for compliance with all legislative, regulatory, and market requirements
related to privacy protection. Kenneth oversaw the development of the company's online presence
about ten years ago, but Anton is not confident about his understanding of recent online marketing
laws. Anton is assigning another trusted employee with a law background the task of the compliance
assessment. After a thorough analysis, Anton knows the company should be safe for another five
years, at which time he can order another check.
Documentation of this analysis will show auditors due diligence.
Anton has started down a long road toward improved management of the company, but he knows
the effort is worth it. Anton wants his uncle's legacy to continue for many years to come.
What would the company's legal team most likely recommend to Anton regarding his planned
communication with customers?
D
Why were the nongovernmental privacy organizations, Electronic Frontier Foundation (EFF) and
Electronic Privacy Information Center (EPIC), established?
C
What is the main function of the Asia-Pacific Economic Cooperation Privacy Framework?
A
Which of the following is TRUE about the Data Protection Impact Assessment (DPIA) process as
required under the General Data Protection Regulation (GDPR)?
C
As a Data Protection Officer, one of your roles entails monitoring changes in laws and regulations and
updating policies accordingly.
How would you most effectively execute this responsibility?
D
SCENARIO
Please use the following to answer the next QUESTIO N:
John is the new privacy officer at the prestigious international law firm – A&M LLP. A&M LLP is very
proud of its reputation in the practice areas of Trusts & Estates and Merger & Acquisition in both U.S.
and Europe.
During lunch with a colleague from the Information Technology department, John heard that the
Head of IT, Derrick, is about to outsource the firm's email continuity service to their existing email
security vendor – MessageSafe. Being successful as an email hygiene vendor, MessageSafe is
expanding its business by leasing cloud infrastructure from Cloud Inc. to host email continuity service
for A&M LLP.
John is very concerned about this initiative. He recalled that MessageSafe was in the news six
months ago due to a security breach. Immediately, John did a quick research of MessageSafe's
previous breach and learned that the breach was caused by an unintentional mistake by an IT
administrator. He scheduled a meeting with Derrick to address his concerns.
At the meeting, Derrick emphasized that email is the primary method for the firm's lawyers to
communicate with clients, thus it is critical to have the email continuity service to avoid any possible
email downtime. Derrick has been using the anti-spam service provided by MessageSafe for five
years and is very happy with the quality of service provided by MessageSafe. In addition to the
significant discount offered by MessageSafe, Derrick emphasized that he can also speed up the
onboarding process since the firm already has a service contract in place with MessageSafe. The
existing on-premises email continuity solution is about to reach its end of life very soon and he
doesn't have the time or resource to look for another solution. Furthermore, the off-premises email
continuity service will only be turned on when the email service at A&M LLP's primary and secondary
data centers are both down, and the email messages stored at MessageSafe site for continuity
service will be automatically deleted after 30 days.
Which of the following is the most effective control to enforce MessageSafe's implementation of
appropriate technical countermeasures to protect the personal data received from A&M LLP?
C