Certified Information Privacy Technologist (CIPT) — Question 271
Which of the following is the LEAST effective at meeting the Fair Information Practice Principles (FIPPs) in the Systems Development Life Cycle (SDLC)?
Answer options
- A. Defining requirements to manage end user content
- B. Conducting privacy threat modeling for the use-case
- C. Developing data flow modeling to help the purpose, protection, and retention of sensitive data
- D. Reviewing the code against Open Web Application Security Project (OWASP) Top 10 Security Risks
Correct answer: D
Explanation
Option D is the least effective because, while reviewing code for security vulnerabilities is important, it does not directly address the principles of data management and privacy outlined in the FIPPs. In contrast, options A, B, and C focus on user content, threat modeling, and data protection, which are more closely aligned with the FIPPs.