Google Cloud Professional Cloud Architect — Question 118

You are working at a sports association whose members range in age from 8 to 30. The association collects a large amount of health data, such as sustained injuries. You are storing this data in BigQuery. Current legislation requires you to delete such information upon request of the subject. You want to design a solution that can accommodate such a request. What should you do?

Answer options

• A. Use a unique identifier for each individual. Upon a deletion request, delete all rows from BigQuery with this identifier.
• B. When ingesting new data in BigQuery, run the data through the Data Loss Prevention (DLP) API to identify any personal information. As part of the DLP scan, save the result to Data Catalog. Upon a deletion request, query Data Catalog to find the column with personal information.
• C. Create a BigQuery view over the table that contains all data. Upon a deletion request, exclude the rows that affect the subject's data from this view. Use this view instead of the source table for all analysis tasks.
• D. Use a unique identifier for each individual. Upon a deletion request, overwrite the column with the unique identifier with a salted SHA256 of its value.

Correct answer: A

Explanation

The correct answer, A, ensures that all data associated with a specific individual can be completely deleted with a straightforward query using their unique identifier. Option B complicates the process by introducing an additional step of querying Data Catalog, which may not guarantee complete deletion. Option C only creates a filtered view and does not remove the data from the table itself, leaving potential compliance issues. Option D does not effectively delete the data but rather obscures it, failing to meet the requirement for deletion upon request.