Certified Information Privacy Technologist (CIPT) — Question 108

Which of the following CANNOT be effectively determined during a code audit?

Answer options

• A. Whether access control logic is recommended in all cases.
• B. Whether data is being incorrectly shared with a third-party.
• C. Whether consent is durably recorded in the case of a server crash.
• D. Whether the differential privacy implementation correctly anonymizes data.

Correct answer: D

Explanation

The correct answer is D because a code audit cannot determine if the differential privacy implementation effectively anonymizes data without executing the code and testing its outcomes. Options A, B, and C can be evaluated through the review of code and documentation, allowing auditors to assess access control logic, data sharing practices, and consent recording processes.