nerdexam
(ISC)2

CISSP · Question #330

An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test su

The correct answer is D. Anonymize it and process it in the US. Anonymizing the test subject's data means removing or masking any personally identifiable information (PII) that could be used to identify or trace the individual. This can help to protect the privacy and confidentiality of the test subjects, as well as comply with the data prote

Submitted by skyler.x· Mar 5, 2026Security and Risk Management

Question

An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject's data?

Options

  • AAggregate it into one database in the US
  • BProcess it in the US, but store the information in France
  • CShare it with a third party
  • DAnonymize it and process it in the US

How the community answered

(53 responses)
  • A
    25% (13)
  • B
    9% (5)
  • C
    6% (3)
  • D
    60% (32)

Explanation

Anonymizing the test subject's data means removing or masking any personally identifiable information (PII) that could be used to identify or trace the individual. This can help to protect the privacy and confidentiality of the test subjects, as well as comply with the data protection laws and regulations of both countries. Processing the anonymized data in the US can also help to reduce the costs and risks of transferring the data across borders. Aggregating the data into one database in the US, processing it in the US but storing it in France, or sharing it with a third party could all pose potential privacy and security risks, as well as legal and ethical issues, for the organization and the test subjects.

Topics

#data privacy#cross-border data transfer#anonymization#regulatory compliance

Community Discussion

No community discussion yet for this question.

Full CISSP Practice