Certified Information Systems Auditor (CISA) — Question 278

As part of a recent business-critical initiative, an organization is re-purposing its customer data. However, its customers are unaware that their data is being used for another purpose What is the BEST recommendation to address the associated data privacy risk to the organization?

Answer options

• A. Ensure the data processing activity remains onshore.
• B. Maintain an audit trail of the data analysis activity.
• C. Obtain customer consent for secondary use of the data.
• D. Adjust the existing data retention requirements.

Correct answer: C

Explanation

The best approach to mitigate data privacy risks is to obtain customer consent for secondary use of the data, as this ensures transparency and compliance with regulations. The other options, while important for data management, do not address the fundamental issue of customer awareness and consent regarding their data usage.