CDPSE · Question #18
Which key stakeholder within an organization should be responsible for approving the outcomes of a privacy impact assessment (PIA)?
The correct answer is D. Data owner. The Data Owner is the business entity or senior individual with ultimate accountability and decision-making authority over a specific data asset - including how it is used, shared, and protected. They are the appropriate stakeholder to approve PIA outcomes because they bear accou
Question
Which key stakeholder within an organization should be responsible for approving the outcomes of a privacy impact assessment (PIA)?
Options
- AData custodian
- BPrivacy data analyst
- CData processor
- DData owner
How the community answered
(58 responses)- A2% (1)
- B2% (1)
- C5% (3)
- D91% (53)
Explanation
The Data Owner is the business entity or senior individual with ultimate accountability and decision-making authority over a specific data asset - including how it is used, shared, and protected. They are the appropriate stakeholder to approve PIA outcomes because they bear accountability for the risks identified and must authorize any accepted risks or remediation actions. A data custodian (A) manages and maintains data on behalf of the owner but lacks approval authority. A privacy data analyst (B) supports the PIA process analytically but does not have accountability authority. A data processor (C) processes data on behalf of a controller and has no ownership or approval role in the PIA.
Topics
Community Discussion
No community discussion yet for this question.