nerdexam
Isaca

CDPSE · Question #9

A new marketing application needs to use data from the organization's customer database. Prior to the application using the data, which of the following should be done FIRST?

The correct answer is C. Determine what data is required by the application.. The principle of data minimization requires that only the data necessary for a specific purpose be collected and used. Before any technical controls are implemented, the organization must first determine what data the application actually needs. Enabling DLP logging (A), de-ident

Data Life Cycle

Question

A new marketing application needs to use data from the organization's customer database. Prior to the application using the data, which of the following should be done FIRST?

Options

  • AEnsure the data loss prevention (DLP) tool is logging activity.
  • BDe-identify all personal data in the database.
  • CDetermine what data is required by the application.
  • DRenew the encryption key to include the application.

How the community answered

(57 responses)
  • A
    7% (4)
  • B
    4% (2)
  • C
    88% (50)
  • D
    2% (1)

Explanation

The principle of data minimization requires that only the data necessary for a specific purpose be collected and used. Before any technical controls are implemented, the organization must first determine what data the application actually needs. Enabling DLP logging (A), de-identifying data (B), and renewing encryption keys (D) are all valid controls, but they cannot be properly scoped or applied without first knowing the minimum required dataset. Identifying required data is the foundational step that informs all subsequent decisions.

Topics

#Data Minimization#Purpose Limitation#Data Inventory#Privacy by Design

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice