ISACA Certified AI Security Manager — Question 15

The PRIMARY reason to conduct a privacy impact assessment (PIA) on an AI system is to:

Answer options

• A. identify applicable regulations.
• B. determine whether personal data is poisoned.
• C. build customer confidence.
• D. analyze how personal data is handled.

Correct answer: D

Explanation

The correct answer is D because a privacy impact assessment is primarily focused on understanding and analyzing how personal data is processed and managed within an AI system. Option A, while important, is not the primary purpose of a PIA. Option B is misleading as 'poisoned' data refers to data integrity issues rather than privacy practices. Option C, although beneficial, is more of a secondary outcome rather than the main aim of conducting a PIA.