Certified Information Privacy Manager (CIPM) — Question 53

During a merger and acquisition, the most comprehensive review of privacy risks and gaps occurs when conducting what activity?

Answer options

• A. Transfer Impact Assessment (TIA).
• B. Risk identification review.
• C. Due diligence.
• D. Integration.

Correct answer: C

Explanation

The correct answer is C, due diligence, as it encompasses a detailed investigation into privacy risks and gaps associated with the merger or acquisition. While a Transfer Impact Assessment (TIA) and risk identification review are important, they do not provide the comprehensive analysis required during the due diligence phase. Integration focuses on combining organizations, not assessing privacy risks.