Certified Information Privacy Manager (CIPM) — Question 187

If a privacy professional wants to show that an organization's privacy program is working as intended, the professional should?

Answer options

• A. Collect feedback from customers about the privacy program.
• B. Carry out a personal data breach tabletop exercise.
• C. Collect and analyze privacy program metrics.
• D. Review privacy policies.

Correct answer: C

Explanation

The correct answer is C because collecting and analyzing privacy program metrics provides quantitative evidence of the program's effectiveness and areas needing improvement. Options A and D focus on subjective feedback and policy review, which do not offer concrete proof of program performance. Option B, while useful for testing responses to breaches, does not assess the ongoing effectiveness of the privacy program itself.