CCSP Question #367: Real Exam Question with Answer & Explanation

The correct answer is C: Location of data. Contractual PII components refer to elements that data processing agreements must address when handling personally identifiable information. These typically include: scope of processing (what data is processed and how), use of subcontractors (who else may handle the data), securi

Submitted by zhang_li· Apr 18, 2026Legal, Risk and Compliance

Question

Which of the following is not a component of contractual PII?

Options

AScope of processing
BValue of data
CLocation of data
DUse of subcontractors

Explanation

Contractual PII components refer to elements that data processing agreements must address when handling personally identifiable information. These typically include: scope of processing (what data is processed and how), use of subcontractors (who else may handle the data), security obligations, and data subject rights. 'Location of data' is a data governance and sovereignty concern addressed separately - it is not a standard component of contractual PII requirements as defined in frameworks like ISO 29101 or GDPR data processing agreements.

Topics

#PII management#Data protection agreements#Contractual obligations#Legal compliance

Community Discussion

No community discussion yet for this question.

Full CCSP Practice Browse All CCSP Questions