CISSP Question #25: Real Exam Question with Answer & Explanation

The correct answer is D: Adherence to collection limitation laws and regulations.. The most important consideration when storing and processing PII is to adhere to the collection limitation laws and regulations that apply to the jurisdiction and context of the data processing. Collection limitation is a principle that states that PII should be collected only fo

Submitted by satoshi_tk· Mar 5, 2026Security and Risk Management

Question

Which of the following is the MOST important consideration when storing and processing Personally Identifiable Information (PII)?

Options

AEncrypt and hash all PII to avoid disclosure and tampering.
BStore PII for no more than one year.
CAvoid storing PII in a Cloud Service Provider.
DAdherence to collection limitation laws and regulations.

Explanation

The most important consideration when storing and processing PII is to adhere to the collection limitation laws and regulations that apply to the jurisdiction and context of the data processing. Collection limitation is a principle that states that PII should be collected only for a specific, legitimate, and lawful purpose, and only to the extent that is necessary for that purpose. By following this principle, the data processor can minimize the amount of PII that is stored and processed, and reduce the risk of data breaches, misuse, or unauthorized access. Encrypting and hashing all PII, storing PII for no more than one year, and avoiding storing PII in a cloud service provider are also good practices for protecting PII, but they are not as important as adhering to the collection limitation laws and regulations.

Topics

#PII protection#data privacy#regulatory compliance#data governance

Community Discussion

No community discussion yet for this question.

Full CISSP Practice Browse All CISSP Questions