Certified Information Privacy Manager (CIPM) — Question 54

Which of the following is least relevant to establishing a culture of data privacy at a company?

Answer options

• A. Monitoring compliance.
• B. Adherence to ISO 27001.
• C. Deploying training and awareness.
• D. Adopting Privacy by Design (PbD).

Correct answer: B

Explanation

Adherence to ISO 27001, while important for information security management, does not directly contribute to fostering a culture of data privacy compared to the other options. Monitoring compliance, providing training, and implementing Privacy by Design are more directly related to promoting awareness and practices that protect data privacy.