nerdexam
Isaca

CDPSE · Question #196

Which of the following should an IT privacy practitioner do FIRST following a decision to expand remote working capability to all employees due to a global pandemic?

The correct answer is A. Evaluate the impact resulting from this change.. Evaluating impact (A) must come first because expanding remote work affects data flows, privacy risks, access controls, and compliance obligations - you cannot make sound decisions about policies, tools, or controls without first understanding what has changed and what new risks

Privacy Governance

Question

Which of the following should an IT privacy practitioner do FIRST following a decision to expand remote working capability to all employees due to a global pandemic?

Options

  • AEvaluate the impact resulting from this change.
  • BRevisit the current remote working policies.
  • CImplement a virtual private network (VPN) tool.
  • DEnforce multi-factor authentication for remote access.

How the community answered

(55 responses)
  • A
    84% (46)
  • B
    9% (5)
  • C
    2% (1)
  • D
    5% (3)

Explanation

Evaluating impact (A) must come first because expanding remote work affects data flows, privacy risks, access controls, and compliance obligations - you cannot make sound decisions about policies, tools, or controls without first understanding what has changed and what new risks exist. Revisiting policies (B) is a valid follow-up step, but policies should be updated after you understand the impact, not before. Implementing a VPN (C) and enforcing MFA (D) are technical controls that address specific risks - jumping to them prematurely assumes you already know what risks need mitigating, skipping the assessment that justifies those choices.

Memory tip: Think "assess before you address" - in privacy and security frameworks (like GDPR or NIST), a Privacy Impact Assessment (PIA) or risk assessment always precedes policy changes and control implementation.

Topics

#Privacy Impact Assessment#Remote Work#Privacy Governance#Change Management

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice