Certified Information Privacy Technologist (CIPT) — Question 54
A privacy engineer reviews a newly developed online registration page on a company's website. The purpose of the page is to enable corporate customers to submit a returns/refund request for physical goods. The page displays the following data capture fields: company name, account reference, company address, contact name, email address, contact phone number, product name, quantity, issue description and company bank account details.
After her review, the privacy engineer recommends setting certain capture fields as "non-mandatory". Setting which of the following fields as "non-mandatory" would be the best example of the principle of data minimization?
Answer options
- A. The contact phone number field.
- B. The company address and name.
- C. The contact name and email address.
- D. The company bank account detail field.
Correct answer: B
Explanation
Setting the company address and name as "non-mandatory" is the best example of data minimization, as this information is not essential for processing returns or refunds. The contact phone number, contact name, email address, and bank account details are more critical for effective communication and transaction processing, making them less suitable for non-mandatory status.