CDPSE · Question #98
To ensure the protection of personal data, privacy policies should mandate that access to information system applications be authorized by the.
The correct answer is C. business application owner. The business application owner is the appropriate authority to authorize access to an application because they understand the business purpose of the data, who legitimately needs it, and the sensitivity of the information involved. They are accountable for the data within their a
Question
To ensure the protection of personal data, privacy policies should mandate that access to information system applications be authorized by the.
Options
- Ageneral counsel.
- Bdatabase administrator.
- Cbusiness application owner
- Dchief information officer (CIO)
How the community answered
(24 responses)- A4% (1)
- C92% (22)
- D4% (1)
Explanation
The business application owner is the appropriate authority to authorize access to an application because they understand the business purpose of the data, who legitimately needs it, and the sensitivity of the information involved. They are accountable for the data within their application and are best positioned to determine appropriate access levels. The general counsel handles legal matters, the DBA manages technical database access (not business authorization), and the CIO sets strategy but delegates operational access decisions to owners.
Topics
Community Discussion
No community discussion yet for this question.