Certified Information Systems Auditor (CISA) — Question 758

Which of the following is the PRIMARY objective of implementing privacy-related controls within an organization?

Answer options

• A. To comply with legal and regulatory requirements
• B. To prevent confidential data loss
• C. To provide options to individuals regarding use of their data
• D. To identify data at rest and data in transit for encryption

Correct answer: A

Explanation

The primary objective of implementing privacy controls is to ensure compliance with legal and regulatory requirements, which is essential for avoiding legal penalties. While preventing data loss, providing options for data use, and identifying data for encryption are important, they are secondary to the need for compliance with laws and regulations governing data privacy.