Question 1

To meet data protection and privacy legal requirements that may require personal data to be disposed of or deleted when no longer necessary for the use it was collected, what is the best privacy-enhancing solution a privacy technologist should recommend be implemented in application design to meet this requirement?

Options :

A : Implement a process to delete personal data on demand and maintain records on deletion requests.

B : Implement automated deletion of off-site backup of personal data based on annual risk assessments.

C :

Develop application logic to validate and purge personal data according to legal hold status or retention schedule.

D :

Securely archive personal data not accessed or used in the last 6 months. Automate a quarterly review to delete data from archive once no longer needed.

Answer: C

Question 2

Which of the following would be the most appropriate solution for preventing privacy violations related to information exposure through an error message?

Options :

A : Configuring the environment to use shorter error messages.

B : Handing exceptions internally and not displaying errors to the user.

C : Creating default error pages or error messages which do not include variable data.

D : Logging the session name and necessary parameters once the error occurs to enable trouble shooting.

Answer: C

Question 3

In terms of data extraction, which of the following should NOT be considered by a privacy technologist in relation to the ease of an individual to reuse personal data across different IT environments?

Options :

A : The size of the data.

B : The format of the data.

C : The medium of the data.

D : The interoperability of the data.

Answer: A

Question 4

An EU marketing company is planning to make use of personal data captured to make automated decisions based on profiling. In some cases, processing and automated decisions may have a legal effect on individuals, such as credit worthiness.

When evaluating the implementation of systems making automated decisions, in which situation would the company have to accommodate an individual's right NOT to be subject to such processing to ensure compliance under the General Data Protection Regulation (GDPR)?

Options :

A : When an individual-s legal status or rights are not affected by the decision.

B : When there is no human intervention or influence in the decision-making process.

C : When the individual has given explicit consent to such processing and suitable safeguards exist.

D : When the decision is necessary for entering into a contract and the individual can contest the decision.

Answer: D

Question 5

An organization is deciding between building a solution in-house versus purchasing a solution for a new customer facing application. When security threats are taken into consideration, a key advantage of purchasing a solution would be the availability of?

Options :

A : Outsourcing.

B : Persistent VPN.

C : Patching and updates.

D : Digital Rights Management.

Answer: C