nerdexam
Isaca

CDPSE · Question #110

When contracting with a Software as a Service (SaaS) provider, which of the following is the MOST important contractual requirement to ensure data privacy at service termination?

The correct answer is B. Removal of customer data. At service termination, the overriding privacy concern is that the SaaS provider no longer retains the customer's data in any form. 'Removal of customer data' (B) is the broadest and most critical obligation-it ensures the provider deletes or returns all data and ceases to hold i

Privacy Governance

Question

When contracting with a Software as a Service (SaaS) provider, which of the following is the MOST important contractual requirement to ensure data privacy at service termination?

Options

  • AEncryption of customer data
  • BRemoval of customer data
  • CDe-identification of customer data
  • DDestruction of customer data

How the community answered

(35 responses)
  • A
    11% (4)
  • B
    80% (28)
  • C
    6% (2)
  • D
    3% (1)

Explanation

At service termination, the overriding privacy concern is that the SaaS provider no longer retains the customer's data in any form. 'Removal of customer data' (B) is the broadest and most critical obligation-it ensures the provider deletes or returns all data and ceases to hold it. Encryption (A) protects data in transit/at rest but does not eliminate the provider's possession of it. De-identification (C) still leaves data in the provider's environment. Destruction (D) is often a subset of removal and refers mainly to physical media; contractual language for 'removal' typically encompasses all forms of data elimination and is the standard term used in data processing agreements.

Topics

#SaaS contracts#Data termination#Data privacy#Contractual requirements

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice