CDPSE · Question #46
Which of the following is the BEST way to distinguish between a privacy risk and compliance risk?
The correct answer is B. Conduct a privacy risk assessment.. A privacy risk assessment systematically evaluates both the likelihood and impact of privacy harms to individuals (privacy risk) as well as gaps relative to regulatory and policy requirements (compliance risk). This structured process allows practitioners to clearly separate risk
Question
Which of the following is the BEST way to distinguish between a privacy risk and compliance risk?
Options
- APerform a privacy risk audit.
- BConduct a privacy risk assessment.
- CValidate a privacy risk attestation.
- DConduct a privacy risk remediation exercise.
How the community answered
(56 responses)- A4% (2)
- B93% (52)
- C2% (1)
- D2% (1)
Explanation
A privacy risk assessment systematically evaluates both the likelihood and impact of privacy harms to individuals (privacy risk) as well as gaps relative to regulatory and policy requirements (compliance risk). This structured process allows practitioners to clearly separate risks that could harm data subjects from risks that result in regulatory non-compliance, which may or may not cause actual harm. A privacy risk audit (A) is typically a point-in-time review of existing controls. A privacy risk attestation (C) is a formal declaration, not an analytical process. Remediation exercises (D) address known risks rather than distinguishing between types.
Topics
Community Discussion
No community discussion yet for this question.