Certified Information Privacy Manager (CIPM) — Question 159

Which of the following is TRUE of a privacy program with decentralized governance?

Answer options

• A. A mid-level manager within the business is responsible for accepting privacy risks.
• B. Privacy governance across the organization is mostly managed by one team or person.
• C. Decision-making is delegated by senior management to lower levels in the organization.
• D. A Chief Privacy Officer (CPO) sets privacy program priorities with input from privacy champions from relevant areas of the business.

Correct answer: C

Explanation

The correct answer is C because decentralized governance allows for decision-making authority to be pushed down to lower levels within the organization, enhancing responsiveness to privacy issues. Option A is incorrect as it suggests a single manager is solely responsible, while B indicates centralized management, which contradicts the concept of decentralization. Option D implies a centralized approach by the CPO, which is not aligned with decentralized governance.