Certified Information Privacy Technologist (CIPT) — Question 84
Which of the following is the LEAST effective at meeting the Fair Information Practice Principles (FIPPs) in the Systems Development Life Cycle (SDLC)?
Answer options
- A. Conducting privacy threat modeling for the use-case
- B. Following secure and privacy coding standards in the development
- C. Developing data flow modeling to help the purpose, protection and retention of sensitive data
- D. Reviewing the code against Open Web Application Security Project (OWASP) Top 10 Security Risks
Correct answer: D
Explanation
Option D is the least effective: reviewing code against the OWASP Top 10 is important for security, but it does not directly address the privacy and data protection principles outlined in the FIPPs. Options A, B, and C all focus directly on privacy and sensitive data management, which are critical aspects of the FIPPs.