Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 89

Which of the following data security policies is most likely to be the result of a data privacy law?

Answer options

• A. Access to personally identifiable information is limited to those who need it to perform their job.
• B. Confidential data must be backed up and recoverable within a 24-hour period.
• C. Updates to systems containing sensitive data must be approved before being moved to production.
• D. A record of employees with access to insider information must be maintained, and those employees may not trade company stock during blackout periods.

Correct answer: A

Explanation

Option A is correct because data privacy laws often require restrictions on access to personally identifiable information to protect individual privacy. The other options pertain to data management and operational procedures that are not directly influenced by data privacy legislation.