Certified in Risk and Information Systems Control (CRISC) — Question 1085

An organization is concerned with the use of personally identifiable information (PII) in a test database. Which of the following would BEST address this concern?

Answer options

• A. Privacy impact assessments
• B. Consent to collect
• C. Data use agreements
• D. Data anonymization

Correct answer: D

Explanation

Data anonymization is the most effective method as it removes or modifies PII, ensuring that individuals cannot be identified from the data. Privacy impact assessments, consent to collect, and data use agreements may help in managing data but do not directly eliminate the risk associated with PII in a test database.