Certified in Risk and Information Systems Control (CRISC) — Question 1374

Which of the following should be the FIRST
consideration when a business unit wants to use personal information for a purpose other than for which it was originally collected?

Answer options

• A. Informed consent
• B. Data breach protection
• C. Cross border controls
• D. Business impact analysis (BIA)

Correct answer: A

Explanation

Informed consent is crucial as it ensures individuals are aware and agree to the new use of their personal information. The other options, while important, focus on different aspects of data management and do not address the need for permission when changing the purpose of data use.