nerdexam
Isaca

CDPSE · Question #315

A visitor approaches the security desk of a global bank to gain access to attend a meeting. The security desk personnel ask for an official form of identity. Which of the following is the BEST practic

The correct answer is A. Maintain a record of identity verification but not a copy of the ID document itself.. The privacy-compliant best practice is to record that identity verification occurred - confirming the visitor's identity was checked - without retaining a copy of the actual ID document. Copying an ID document collects far more personal information than is necessary for a visitor

Data Life Cycle

Question

A visitor approaches the security desk of a global bank to gain access to attend a meeting. The security desk personnel ask for an official form of identity. Which of the following is the BEST practice with regard to documentation for company record-keeping?

Options

  • AMaintain a record of identity verification but not a copy of the ID document itself.
  • BAsk the visitor to send a copy of the ID document directly to the meeting host.
  • CPost a written notice that explains copies of IDs are stored in a secure system.
  • DAsk for the visitor's consent to make a copy of the ID document.

How the community answered

(38 responses)
  • A
    74% (28)
  • B
    16% (6)
  • C
    5% (2)
  • D
    5% (2)

Explanation

The privacy-compliant best practice is to record that identity verification occurred - confirming the visitor's identity was checked - without retaining a copy of the actual ID document. Copying an ID document collects far more personal information than is necessary for a visitor log (e.g., home address, ID number, date of birth), violating the data minimization principle central to privacy law. Maintaining a verification record satisfies the organization's legitimate security need while minimizing privacy risk to the visitor. Having the visitor send their ID to the meeting host (B) creates an unnecessary additional copy with no added security value. Posting a notice about ID storage (C) addresses transparency but not the minimization issue. Asking for consent to copy the ID (D) might make copying lawful in some contexts, but even with consent, copying an ID collects more data than the security purpose requires.

Topics

#Data Minimization#Identity Verification#Record Keeping#Visitor Privacy

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice