Certified Information Privacy Technologist (CIPT) — Question 39

Which of these actions is NOT generally part of the responsibility of an IT or software engineer?

Answer options

• A. Providing feedback on privacy policies.
• B. Implementing multi-factor authentication.
• C. Certifying compliance with security and privacy law.
• D. Building privacy controls into the organization's IT systems or software.

Correct answer: C

Explanation

The correct answer is C because certifying compliance with security and privacy laws is generally a legal or compliance role, rather than a primary responsibility of an IT or software engineer. Options A, B, and D are all part of the technical responsibilities that an IT or software engineer would typically handle.