CERTIFIED-DATA-ANALYST-ASSOCIATE Question #92: Real Exam Question with Answer & Explanation

Question

A data analyst has come across a column in a table that contains personally identifiable information (PII). The data analyst should not have access to this type of PII data. How should the data analyst proceed?

Options

• AStop working with the data and delete the table and any existing metadata or data files.
• BStop working with the data and proceed with the project using other data.
• CStop working with the data and notify their supervisor to ensure the data is handled following
• DDrop the column containing PII data and continue with the project without notifying anybody.

Explanation

Option C is correct because when a data analyst accidentally encounters PII they're not authorized to access, the proper protocol is to stop immediately and escalate - the supervisor or data governance team must be notified so the data can be secured, access controls reviewed, and any compliance requirements (like GDPR or HIPAA) properly followed.

• A is wrong because deleting the table or data files is a destructive, unauthorized action - the analyst doesn't own the data and could destroy legitimate records or violate retention policies.
• B is wrong because simply moving on without reporting leaves the underlying access control problem unresolved; others may also be improperly accessing the same data.
• D is wrong for two reasons: dropping a column is again an unauthorized destructive action, and failing to notify anyone means the security breach goes unreported and unaddressed.

Memory tip: Think of the "PII protocol" as Stop, Don't Touch, Tell Someone - any action that modifies or deletes data (A, D) or ignores the problem (B) fails at least one of those three steps, making C the only safe choice.

No community discussion yet for this question.