CISSP · Question #924
Which of the following is a common characteristic of privacy?
The correct answer is B. Notice to the subject of the existence of a database containing relevant credit card data. Privacy frameworks commonly require that individuals be notified when their personal data is collected and stored. Notice is a foundational principle across most major privacy regulations and frameworks.
Question
Options
- AProvision for maintaining an audit trail of access to the private data
- BNotice to the subject of the existence of a database containing relevant credit card data
- CProcess for the subject to inspect and correct personal data on-site
- DDatabase requirements for integration of privacy data
How the community answered
(35 responses)- A9% (3)
- B86% (30)
- C3% (1)
- D3% (1)
Why each option
Privacy frameworks commonly require that individuals be notified when their personal data is collected and stored. Notice is a foundational principle across most major privacy regulations and frameworks.
Audit trails of data access are a security control related to accountability and monitoring, not a defining characteristic of privacy itself, though they may support privacy compliance.
Notice to the data subject is a universally recognized core principle of privacy, appearing in frameworks such as OECD Privacy Guidelines, GDPR, and FTC Fair Information Practice Principles. It requires that individuals be informed about the existence of databases containing their personal information, the purpose of collection, and how it will be used. This transparency principle is considered foundational because privacy rights cannot be exercised if individuals are unaware their data is being processed.
While the right to inspect and correct personal data (data subject access rights) exists in some privacy regulations, requiring on-site inspection is an overly specific and non-standard implementation not representative of a common privacy characteristic.
Database integration requirements for privacy data describe a technical or architectural concern, not a fundamental principle or common characteristic of privacy as defined in recognized privacy frameworks.
Concept tested: Core principles of information privacy frameworks
Source: https://www.ftc.gov/policy-notices/privacy-policy/fair-information-practice-principles
Topics
Community Discussion
No community discussion yet for this question.