Certified Information Privacy Technologist (CIPT) — Question 157

To comply with the Sarbanes-Oxley Act (SOX), public companies in the United States are required to annually report on the effectiveness of the auditing controls of their financial reporting systems. These controls must be implemented to prevent unauthorized use, disclosure, modification, and damage or loss of financial data.
Why do these controls ensure both the privacy and security of data?

Answer options

• A. Modification of data is an aspect of privacy; unauthorized use, disclosure, and damage or loss of data are aspects of security.
• B. Unauthorized use of data is an aspect of privacy; disclosure, modification, and damage or loss of data are aspects of security.
• C. Disclosure of data is an aspect of privacy; unauthorized use, modification, and damage or loss of data are aspects of security.
• D. Damage or loss of data are aspects of privacy; disclosure, unauthorized use, and modification of data are aspects of privacy.

Correct answer: C

Explanation

The correct answer, C, accurately identifies that the act of disclosing data pertains to privacy, while unauthorized use, modification, and damage or loss of data relate to security. Options A and B incorrectly categorize modification and unauthorized use, respectively, as privacy issues. Option D mistakenly categorizes damage or loss of data as a privacy concern, which is not accurate.