CompTIA
CAS-002 · Question #701
CAS-002 Question #701: Real Exam Question with Answer & Explanation
The correct answer is A: Explain how customer data is gathered, used, disclosed, and managed. Effective privacy compliance training must cover the full data lifecycle - collection, use, disclosure, and management - so staff understand their responsibilities at every stage.
Question
There has been a recent security breach which has led to the release of sensitive customer information. As part of improving security and reducing the disclosure of customer data, a training company has been employed to educate staff. Which of the following should be the primary focus of the privacy compliance training program?
Options
- A. Explain how customer data is gathered, used, disclosed, and managed.
- B. Remind staff of the company's data handling policy and have staff sign an NDA.
- C. Focus on explaining the "how" and "why" customer data is being collected.
- D. Republish the data classification and the confidentiality policy.
Explanation
Effective privacy compliance training must cover the full data lifecycle - collection, use, disclosure, and management - so staff understand their responsibilities at every stage.
Common mistakes.
- B. Having staff sign an NDA and review the data handling policy addresses legal acknowledgment but does not educate staff on the practical steps required to protect customer data.
- C. Explaining only the 'how' and 'why' of data collection is incomplete because it omits staff responsibilities during data use, disclosure, and retention or deletion.
- D. Republishing classification and confidentiality policies is a passive administrative action that does not constitute active training or ensure staff can apply the policies correctly.
Concept tested. Privacy compliance training program scope and data lifecycle
Reference. https://www.nist.gov/privacy-framework