Certified Information Privacy Manager (CIPM) — Question 114

The best way to help ensure that reasonable and appropriate security measures are in place to protect personal data is to establish?

Answer options

• A. A stricter credentialling process so that only employees, and not contractors, have access to sensitive personal data.
• B. A privilege management process so that only certain employees or contractors have the ability to alter or delete personal data.
• C. A physical security policy that prohibits contractors from bringing personal devices into any environment, but permits employees to do so.
• D. A quarterly audit of both the test and development environments to validate alterations or deletions of any data by employees and contractors.

Correct answer: B

Explanation

The correct answer is B, as implementing a privilege management process ensures that only authorized personnel can modify or delete personal data, thus enhancing security. Options A and C incorrectly limit access and device use without addressing data alteration, and option D, while valuable, focuses on auditing rather than proactive management of privileges.