Certified in Risk and Information Systems Control (CRISC) — Question 993

Which of the following is the ULTIMATE goal of conducting a privacy impact analysis (PIA)?

Answer options

• A. To identify gaps in data protection controls
• B. To identify personally identifiable information (PII)
• C. To develop a customer notification plan
• D. To determine gaps in data deidentification processes

Correct answer: A

Explanation

The main aim of a privacy impact analysis (PIA) is to identify gaps in data protection controls, which helps organizations enhance their privacy measures. While identifying personally identifiable information (PII), developing a customer notification plan, and determining gaps in data deidentification processes are important, they are not the ultimate goal of a PIA.