Certified Information Privacy Technologist (CIPT) — Question 202
To meet data protection and privacy legal requirements that may require personal data to be disposed of or deleted when it is no longer necessary for the use for which it was collected, what is the best privacy-enhancing solution a privacy technologist should recommend implementing in application design?
Answer options
- A. Implement a process to delete personal data on demand and maintain records on deletion requests
- B. Implement automated deletion of off-site backup of personal data based on annual risk assessments
- C. Develop application logic to validate and purge personal data according to legal hold status or retention schedule
- D. Securely archive personal data not accessed or used in the last 6 months. Automate a quarterly review to delete data from archive once no longer needed
Correct answer: C
Explanation
The correct answer, C, involves developing application logic that ensures personal data is validated and purged according to legal requirements, which is crucial for compliance. Option A focuses on on-demand deletion without considering systematic legal retention, while option B addresses backup deletion rather than active data management. Option D suggests archiving data but does not actively manage data in accordance with legal hold or retention policies.