nerdexam
Isaca

CDPSE · Question #14

Which of the following scenarios poses the GREATEST risk to an organization from a privacy perspective?

The correct answer is A. The organization lacks a hardware disposal policy.. Without a hardware disposal policy, decommissioned devices such as hard drives, servers, laptops, and USB drives containing personal data may be discarded, resold, or recycled without proper data destruction. This can result in a permanent, uncontrollable data breach - personal d

Data Life Cycle

Question

Which of the following scenarios poses the GREATEST risk to an organization from a privacy perspective?

Options

  • AThe organization lacks a hardware disposal policy.
  • BEmails are not consistently encrypted when sent internally.
  • CPrivacy training is carried out by a service provider.
  • DThe organization's privacy policy has not been reviewed in over a year.

How the community answered

(45 responses)
  • A
    64% (29)
  • B
    20% (9)
  • C
    11% (5)
  • D
    4% (2)

Explanation

Without a hardware disposal policy, decommissioned devices such as hard drives, servers, laptops, and USB drives containing personal data may be discarded, resold, or recycled without proper data destruction. This can result in a permanent, uncontrollable data breach - personal data accessible to anyone who acquires the hardware. This risk is irreversible once the device leaves organizational control. Unencrypted internal emails (B) are a risk but generally within a controlled environment. Outsourced privacy training (C) is a vendor management issue, not an immediate data exposure risk. An outdated privacy policy (D) is a compliance gap but does not directly expose personal data.

Topics

#Hardware disposal#Data sanitization#Data lifecycle management#Risk assessment

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice