Certified Information Privacy Technologist (CIPT) — Question 106
Which of the following is the least effective privacy-preserving practice in the Systems Development Life Cycle (SDLC)?
Answer options
- A. Conducting privacy threat modeling for the use-case.
- B. Following secure and privacy coding standards in the development.
- C. Developing data flow modeling to identify sources and destinations of sensitive data.
- D. Reviewing the code against Open Web Application Security Project (OWASP) Top 10 Security Risks.
Correct answer: D
Explanation
Reviewing the code against the OWASP Top 10 Security Risks focuses primarily on security issues rather than privacy concerns, making it the least effective practice for privacy preservation. In contrast, conducting privacy threat modeling, following secure and privacy coding standards, and developing data flow models specifically address privacy risks and are more effective practices for protecting sensitive data.