ISACA Certified AI Security Manager — Question 25

A retail organization implements an AI-driven recommendation system that utilizes customer purchase history. Which of the following is the BEST way for the organization to ensure privacy and comply with regulatory standards?

Answer options

• A. Establishing a governance committee to oversee AI privacy practices
• B. Storing customer data indefinitely to ensure the AI model has a complete history
• C. Maintaining a register of legal and regulatory requirements for privacy
• D. Conducting quarterly retraining of the AI model to maintain the accuracy of recommendations

Correct answer: C

Explanation

The correct answer is C, as maintaining a register of legal and regulatory requirements ensures that the organization stays informed about privacy standards and can adapt its practices accordingly. Option A, while beneficial, does not directly address compliance, and option B violates privacy principles by holding data indefinitely. Option D focuses on model accuracy rather than privacy compliance.