Certified Information Privacy Manager (CIPM) — Question 63

Which of the following controls are generally NOT part of a Privacy Impact Assessment (PIA) review?

Answer options

• A. Access.
• B. Incident.
• C. Retention.
• D. Collection.

Correct answer: B

Explanation

The correct answer is B because incident controls focus on responding to breaches rather than assessing privacy impacts. The other options, Access, Retention, and Collection, are essential components of a PIA as they directly relate to how personal data is managed and safeguarded.