CERTIFIED-IN-CYBERSECURITY Question #463: Real Exam Question with Answer & Explanation
The correct answer is A: Which information is considered personally identifiable information (PII).
Question
What does a Privacy Policy typically stipulate?
Options
- A. Which information is considered personally identifiable information (PII)
- B. Which employees take care of data privacy
- C. The proper locations to store personal belongings
- D. How to address a privacy breach
Explanation
A privacy policy typically defines what information is considered personally identifiable information (PII) (see ISC2 Study Guide, Chapter 5, Module 3). This policy outlines how an organization collects, uses, discloses, and manages a customer's or client's information, which includes defining what constitutes PII. For example, a privacy policy might state that an organization collects user information such as names, email addresses, and social security numbers, all of which are considered PII. As for the remaining options, although they relate to privacy, none of them represent what a privacy policy typically provides. How to handle a data breach is an important aspect of an organization's incident response plan, but not the primary focus of a privacy policy. The proper place to store personal belongings is irrelevant to a privacy policy. Finally, while it is important to know which employees are responsible for privacy, this information is typically found in an organization's internal policies or job descriptions, not in a privacy policy.