nerdexam
Isaca

CDPSE · Question #229

Which of the following is the MOST critical action for an organization prior to tracking user activity in its applications?

The correct answer is A. Providing notification to users of the organization's privacy policies. Before tracking user activity, an organization must first provide notification of its privacy policies so users are aware of what data is collected and how it will be used.

Privacy Governance

Question

Which of the following is the MOST critical action for an organization prior to tracking user activity in its applications?

Options

  • AProviding notification to users of the organization's privacy policies
  • BEstablishing a data classification scheme
  • CIdentifying and validating users' countries of residence
  • DRequesting users to read and accept the organization's privacy notice

How the community answered

(68 responses)
  • A
    87% (59)
  • B
    7% (5)
  • C
    1% (1)
  • D
    4% (3)

Why each option

Before tracking user activity, an organization must first provide notification of its privacy policies so users are aware of what data is collected and how it will be used.

AProviding notification to users of the organization's privacy policiesCorrect

Privacy regulations globally - including GDPR's transparency principle under Article 5(1)(a) and CCPA's notice-at-collection requirements - mandate that organizations inform individuals about data collection practices before or at the time collection begins. Providing privacy notification is the threshold legal and ethical obligation that must be met before any user activity tracking can lawfully proceed.

BEstablishing a data classification scheme

Establishing a data classification scheme is an internal data governance activity that does not fulfill the transparency obligation owed directly to users.

CIdentifying and validating users' countries of residence

Identifying users' countries of residence supports jurisdiction-specific compliance but is a secondary step that depends on first having a compliant privacy notice in place.

DRequesting users to read and accept the organization's privacy notice

Requesting users to read and accept a privacy notice assumes the notice already exists and has been delivered; notification (A) is the prerequisite step that must come first.

Concept tested: Privacy notice - transparency requirement before user activity tracking

Source: https://gdpr-info.eu/art-13-gdpr/

Topics

#Privacy Notification#Transparency Principles#User Activity Tracking#Privacy Policy

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice