nerdexam
(ISC)2

CISSP · Question #924

Which of the following is a common characteristic of privacy?

The correct answer is B. Notice to the subject of the existence of a database containing relevant credit card data. Privacy frameworks commonly require that individuals be notified when their personal data is collected and stored. Notice is a foundational principle across most major privacy regulations and frameworks.

Submitted by kev92· Mar 5, 2026Security and Risk Management

Question

Which of the following is a common characteristic of privacy?

Options

  • AProvision for maintaining an audit trail of access to the private data
  • BNotice to the subject of the existence of a database containing relevant credit card data
  • CProcess for the subject to inspect and correct personal data on-site
  • DDatabase requirements for integration of privacy data

How the community answered

(35 responses)
  • A
    9% (3)
  • B
    86% (30)
  • C
    3% (1)
  • D
    3% (1)

Why each option

Privacy frameworks commonly require that individuals be notified when their personal data is collected and stored. Notice is a foundational principle across most major privacy regulations and frameworks.

AProvision for maintaining an audit trail of access to the private data

Audit trails of data access are a security control related to accountability and monitoring, not a defining characteristic of privacy itself, though they may support privacy compliance.

BNotice to the subject of the existence of a database containing relevant credit card dataCorrect

Notice to the data subject is a universally recognized core principle of privacy, appearing in frameworks such as OECD Privacy Guidelines, GDPR, and FTC Fair Information Practice Principles. It requires that individuals be informed about the existence of databases containing their personal information, the purpose of collection, and how it will be used. This transparency principle is considered foundational because privacy rights cannot be exercised if individuals are unaware their data is being processed.

CProcess for the subject to inspect and correct personal data on-site

While the right to inspect and correct personal data (data subject access rights) exists in some privacy regulations, requiring on-site inspection is an overly specific and non-standard implementation not representative of a common privacy characteristic.

DDatabase requirements for integration of privacy data

Database integration requirements for privacy data describe a technical or architectural concern, not a fundamental principle or common characteristic of privacy as defined in recognized privacy frameworks.

Concept tested: Core principles of information privacy frameworks

Source: https://www.ftc.gov/policy-notices/privacy-policy/fair-information-practice-principles

Topics

#privacy principles#data privacy#notice

Community Discussion

No community discussion yet for this question.

Full CISSP Practice