
CISSP Question #1138: Real Exam Question with Answer & Explanation

The correct answer is D: Collection Limitation Principle. The Collection Limitation Principle governs how personal data is gathered, requiring it to be obtained through lawful and fair means, often with the knowledge or consent of the data subject.

Submitted by daniela_cl · Mar 5, 2026 · Security and Risk Management

Question

The acquisition of personal data being obtained by a lawful and fair means is an example of what principle?

Options

  • A. Data Quality Principle
  • B. Openness Principle
  • C. Purpose Specification Principle
  • D. Collection Limitation Principle

Explanation

The Collection Limitation Principle governs how personal data is gathered, requiring it to be obtained through lawful and fair means, often with the knowledge or consent of the data subject.

Common mistakes.

  • A. The Data Quality Principle pertains to ensuring that collected personal data is accurate, complete, current, and relevant to the purpose for which it is used, not to the method of collection.
  • B. The Openness Principle requires that organizations maintain transparency about their data practices, policies, and the existence of personal data stores, rather than addressing how data is collected.
  • C. The Purpose Specification Principle requires that the purposes for which personal data is collected be specified at or before the time of collection, focusing on why data is gathered rather than the lawfulness of the collection method.

Concept tested. OECD Collection Limitation Principle for personal data

Reference. https://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm

Topics

#data privacy, #privacy principles, #data collection, #regulatory compliance
