nerdexam
Isaca

AAISM · Question #209

A retail organization implements an AI-driven recommendation system that utilizes customer purchase history. Which of the following is the BEST way for the organization to ensure privacy and comply wi

The correct answer is B. Maintaining a register of legal and regulatory requirements for privacy. According to the AI Security ManagementTM (AAISM) study framework, compliance with privacy and regulatory standards must begin with a formalized process of identifying, documenting, and maintaining applicable obligations. The guidance explicitly notes that organizations should ma

AI Security Strategy and Governance

Question

A retail organization implements an AI-driven recommendation system that utilizes customer purchase history. Which of the following is the BEST way for the organization to ensure privacy and comply with regulatory standards?

Options

  • AConducting quarterly retraining of the AI model to maintain the accuracy of recommendations
  • BMaintaining a register of legal and regulatory requirements for privacy
  • CEstablishing a governance committee to oversee AI privacy practices
  • DStoring customer data indefinitely to ensure the AI model has a complete history

How the community answered

(44 responses)
  • A
    7% (3)
  • B
    89% (39)
  • C
    2% (1)
  • D
    2% (1)

Explanation

According to the AI Security ManagementTM (AAISM) study framework, compliance with privacy and regulatory standards must begin with a formalized process of identifying, documenting, and maintaining applicable obligations. The guidance explicitly notes that organizations should maintain a comprehensive register of legal and regulatory requirements to ensure accountability and alignment with privacy laws. This register serves as the foundation for all governance, risk, and control practices surrounding AI systems that handle personal data. Maintaining such a register ensures that the recommendation system operates under the principles of privacy by design and privacy by default. It allows decision-makers and auditors to trace every AI data processing activity back to relevant compliance obligations, thereby demonstrating adherence to laws such as GDPR, CCPA, or other jurisdictional mandates.

Topics

#AI Privacy#Regulatory Compliance#Legal Frameworks#Data Governance

Community Discussion

No community discussion yet for this question.

Full AAISM Practice