Certified Information Systems Security Professional (CISSP) — Question 68

An organization has developed a way for customers to share information from their wearable devices with each other. Unfortunately, the users were not informed as to what information collected would be shared. What technical controls should be put in place to remedy the privacy issue while still trying to accomplish the organization's business goals?

Answer options

• A. Share only what the organization decides is best.
• B. Stop sharing data with the other users.
• C. Default the user to not share any information.
• D. Inform the user of the sharing feature changes after implemented.

Correct answer: C

Explanation

The correct answer is C because defaulting users to not share any information protects their privacy until they can make an informed decision. Option A is inappropriate as it may not prioritize user consent, B would completely halt data sharing and could undermine the service, and D fails to proactively inform users before the sharing occurs, which is essential for privacy management.