ISACA CDPSE - Certified Data Privacy Solutions Engineer Certification Exam
Question #6 (Topic: Demo Questions)
Which of the following approaches to incorporating privacy by design principles BEST ensures the privacy of personal information?
Correct Answer: A
Explanation:
Privacy by design requires proactive, default, and continuous integration of privacy controls across the entire data life cycle (collection through disposal). Limiting to breach response (B) or remediation (C) is reactive, and focusing only on final product development (D) misses earlier phases where most risk originates.
“Embed privacy from the outset and across the full life cycle of processing activities.”
[References: ISACA CDPSE Review Manual – Domain 2: Privacy by Design (End-to-End Security; Proactive not Reactive; Privacy Embedded into Design).]
Question #7 (Topic: Demo Questions)
Which of the following is the MOST important privacy consideration when developing a contact tracing application?
Correct Answer: A
Explanation:
The proportionality of the data collected for the intended purpose is the most important privacy consideration when developing a contact tracing application. This means that the application should only collect the minimum amount of personal data necessary to achieve the specific and legitimate purpose of preventing and controlling the spread of COVID-19 [1]. The application should also ensure that the data collected are relevant, adequate, and not excessive in relation to the purpose [2]. The application should avoid collecting or processing any data that are not essential for the purpose, such as location data, biometric data, or health data unrelated to COVID-19 [3]. The application should also respect the data minimization principle, which requires that the data are kept for no longer than necessary for the purpose [4]. References:
1. European Data Protection Board Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak
2. Article 5(1)(c) of the General Data Protection Regulation (GDPR)
3. Article 29 Data Protection Working Party Opinion 04/2017 on the Proposed Regulation for the ePrivacy Regulation
4. Article 5(1)(e) of the GDPR