nerdexam
Isaca

CDPSE · Question #111

A project manager for a new data collection system had a privacy impact assessment (PIA) completed before the solution was designed. Once the system was released into production, an audit revealed per

The correct answer is D. Incorporate privacy checkpoints into the secure development life cycle. Incorporating privacy checkpoints into the Secure Development Life Cycle (SDLC) embeds privacy review at each phase of development - requirements, design, build, test, and deployment - ensuring that any additions or changes to data collection are evaluated for privacy impact befo

Privacy Architecture

Question

A project manager for a new data collection system had a privacy impact assessment (PIA) completed before the solution was designed. Once the system was released into production, an audit revealed personal data was being collected that was not part of the PIA What is the BEST way to avoid this situation in the future?

Options

  • AConduct a privacy post-implementation review.
  • BDocument personal data workflows in the product life cycle
  • CRequire management approval of changes to system architecture design.
  • DIncorporate privacy checkpoints into the secure development life cycle

How the community answered

(23 responses)
  • A
    13% (3)
  • B
    4% (1)
  • C
    4% (1)
  • D
    78% (18)

Explanation

Incorporating privacy checkpoints into the Secure Development Life Cycle (SDLC) embeds privacy review at each phase of development - requirements, design, build, test, and deployment - ensuring that any additions or changes to data collection are evaluated for privacy impact before they reach production. A post-implementation review (A) is reactive and only catches problems after they occur. Documenting workflows (B) improves awareness but does not enforce controls. Requiring management approval of architecture changes (C) is too narrow and would miss non-architectural data collection changes introduced during development.

Topics

#Privacy by Design#Secure Development Life Cycle (SDLC)#Privacy Checkpoints#Proactive Privacy

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice