Certified in Risk and Information Systems Control (CRISC) — Question 690

Which of the following should be the PRIMARY consideration when assessing the risk of using Internet of Things (IoT) devices to collect and process personally identifiable information (PII)?

Answer options

Correct answer: C

Explanation

The correct answer is C, as local laws and regulations are crucial in ensuring compliance and protecting individuals' privacy rights when using IoT devices. The other options, while important, do not address the legal implications and obligations that arise from handling PII, which can vary significantly by jurisdiction.