Certified in Risk and Information Systems Control (CRISC) — Question 672
What should be the PRIMARY consideration related to data privacy protection when there are plans for a business initiative to make use of personal information?
Answer options
- A. Limit access to the personal data.
- B. Do not collect or retain data that is not needed.
- C. Redact data where possible.
- D. Ensure all data is encrypted at rest and during transit.
Correct answer: B
Explanation
The correct answer is B because minimizing the collection and retention of personal data reduces the risk of potential breaches and privacy violations. Options A, C, and D, while important, are secondary to the principle of not holding onto data that isn't essential for business purposes.