Certified in Risk and Information Systems Control (CRISC) — Question 1107

Which of the following is the FIRST consideration to reduce risk associated with the storage of personal data?

Answer options

• A. Normalize the personal data.
• B. Implement privacy training.
• C. Minimize the collection of data.
• D. Encrypt the personal data.

Correct answer: C

Explanation

Minimizing the collection of data is the most effective way to reduce risk since it limits the amount of personal information that could potentially be exposed. While normalizing, encrypting, and implementing training are important, they do not directly address the root issue of excessive data collection.