nerdexam
Isaca

CDPSE · Question #300

Which of the following documents should be communicated to customers to establish accountability for the use and protection of personal information?

The correct answer is C. Privacy notice. A privacy notice is the externally facing document that informs customers about how their personal information is collected, used, and protected, establishing organizational accountability.

Privacy Governance

Question

Which of the following documents should be communicated to customers to establish accountability for the use and protection of personal information?

Options

  • APrivacy standards
  • BPrivacy consent form
  • CPrivacy notice
  • DPrivacy procedures

How the community answered

(39 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    95% (37)

Why each option

A privacy notice is the externally facing document that informs customers about how their personal information is collected, used, and protected, establishing organizational accountability.

APrivacy standards

Privacy standards are internal governance documents that define acceptable practices within the organization and are not typically communicated to customers as accountability instruments.

BPrivacy consent form

A privacy consent form captures a data subject's agreement to specific processing activities but does not comprehensively establish ongoing organizational accountability for all uses of personal information.

CPrivacy noticeCorrect

A privacy notice (also called a privacy policy) is a public-facing disclosure document required by regulations such as GDPR and CCPA that communicates to data subjects what personal information is collected, the purposes of processing, retention periods, data subject rights, and contact information for the responsible organization. It is specifically designed to create transparency and accountability between the organization and the individuals whose data it processes. No other listed document serves this external communication and accountability function.

DPrivacy procedures

Privacy procedures are internal operational instructions for staff on how to handle personal data and are not intended for communication to customers.

Concept tested: Privacy notice as external accountability document

Source: https://gdpr.eu/privacy-notice/

Topics

#Privacy notice#Transparency#Accountability#Customer communication

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice