nerdexam
(ISC)2

CISSP · Question #1138

The acquisition of personal data being obtained by a lawful and fair means is an example of what principle?

The correct answer is D. Collection Limitation Principle. The Collection Limitation Principle governs how personal data is gathered, requiring it to be obtained through lawful and fair means, often with the knowledge or consent of the data subject.

Submitted by daniela_cl· Mar 5, 2026Security and Risk Management

Question

The acquisition of personal data being obtained by a lawful and fair means is an example of what principle?

Options

  • AData Quality Principle
  • BOpenness Principle
  • CPurpose Specification Principle
  • DCollection Limitation Principle

How the community answered

(38 responses)
  • A
    5% (2)
  • B
    3% (1)
  • D
    92% (35)

Why each option

The Collection Limitation Principle governs how personal data is gathered, requiring it to be obtained through lawful and fair means, often with the knowledge or consent of the data subject.

AData Quality Principle

The Data Quality Principle pertains to ensuring that collected personal data is accurate, complete, current, and relevant to the purpose for which it is used, not to the method of collection.

BOpenness Principle

The Openness Principle requires that organizations maintain transparency about their data practices, policies, and the existence of personal data stores, rather than addressing how data is collected.

CPurpose Specification Principle

The Purpose Specification Principle requires that the purposes for which personal data is collected be specified at or before the time of collection, focusing on why data is gathered rather than the lawfulness of the collection method.

DCollection Limitation PrincipleCorrect

The Collection Limitation Principle, rooted in the OECD Privacy Guidelines, directly addresses the manner in which personal data is collected. It stipulates that data collection must be done by lawful and fair means, and where appropriate, with the knowledge or consent of the data subject. This principle sets boundaries on the act of gathering data itself, not on its use or quality.

Concept tested: OECD Collection Limitation Principle for personal data

Source: https://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm

Topics

#data privacy#privacy principles#data collection#regulatory compliance

Community Discussion

No community discussion yet for this question.

Full CISSP Practice