每周一题来啦！本周是IAPP CIPT练习题，大家快来解答啦啦啦！比别人多学几道题，多几分冲进及格线🔆

听题😏

1.Use the following to answer question:

You have been tasked with developing an incident response process for your employer, BrandEnt Company, a media entertainment company. As the Senior Manager of Information Privacy, you have been creating privacy-related procedures for the company. There has been an uptick in the number of privacy-related questions being sent to customer service through the website’s generic portal, and the customer service reps are unsure of what to do with the questions. This has led to the Director of Privacy asking that you work with the IT department to identify, track and resolve privacy-related incidents, as well as with the Information Security team to leverage their existing incident-management process.

As you review the questions, you notice that many customers are asking what personal information BrandEnt has collected about them and, in many cases, requesting corrections to their information. You grow concerned as you notice that customer service representatives are not always responding to these inquiries. The website doesn’t have a portal dedicated to asking privacy-related questions, and instead a general customer service portal form is being used. This form only requests the customer’s name and their email address. The site does not require authentication to get to this portal. For responses that have been processed, the

customer service representatives sent compressed files containing all data collected regarding the individual and sent it to the email provided.

You reach out to the Information Security team to request access to their incident ticketing system to determine if the existing process can be leveraged. As you review the incident tickets, you notice several security incidents related to data breaches. After speaking with

the Information Security Team Lead, you learn that the tickets were closed after the vulnerabilities were patched and the system owners were notified.

Which common privacy principle is missing at BrandEnt?

.

A. Use limitation.

B. Collection limitation.

C. Data quality.

D. Security safeguard.

翻译😮：

1.请使用以下内容回答问题：

您的任务是为您的雇主BrandEnt公司（一家媒体娱乐公司）制定事件响应流程。作为信息隐私的高级经理，您一直在为公司创建与隐私相关的程序。通过该网站的通用门户网站发送给客户服务的与隐私相关的问题数量有所增加，客户服务代表不确定该如何处理这些问题。这导致隐私总监要求您与IT部门合作，以识别、跟踪和解决与隐私相关的事件，并与信息安全团队合作，利用其现有的事件管理流程。

当您回顾这些问题时，您会注意到许多客户都在询问BrandEnt收集了哪些关于他们的个人信息，并且在许多情况下，要求更正他们的信息。当您注意到客户服务代表并不总是回复这些询问时，您会感到担忧。该网站没有专门询问隐私相关问题的门户网站，而是使用了一个通用的客户服务门户网站表格。此表单仅要求提供客户的姓名和电子邮件地址。该网站不需要身份验证即可访问此门户。对于已处理的回复，客户服务代表发送压缩文件，其中包含收集到的有关个人的所有数据，并将其发送到提供的电子邮件中。

您可以联系信息安全团队，请求访问他们的事故票务系统，以确定是否可以利用现有流程。当您查看事件记录单时，您会注意到与数据泄露有关的几起安全事件。在与信息安全团队负责人交谈后，您了解到在修补漏洞并通知系统所有者后，票证已关闭。

BrandEnt缺少哪些常见的隐私原则？

.

A.使用限制。

B.收款限制。

C.数据质量。

D.安全保障。

🤗选好了吗？？🤗

✅公布正确答案🔔

正确答案是C，1980年经合组织的指导方针为隐私提供了一个基本的国际标准。该指南包含了联邦贸易委员会FIPP中没有的原则，如收集限制原则，而GAPP以与NIST隐私控制类似的方式，在很大程度上将该指南细化为更具体的隐私控制。

该指南转载自经合组织网站如下：…数据质量原则——个人数据应与其使用目的相关，并且在这些目的所需的范围内，应准确、完整并保持最新。信息技术隐私简介：技术专家手册，1.5虽然完整性和隐私之间的联系可能不如保密性和隐私间的联系那么清晰，但两者之间有着密切的联系。GDPR等隐私法规明确要求数据质量。

这通常是指收集的个人信息是正确和完整的，这可能是因为数据收集时的错误或遗漏，也可能是因为一旦数据进入计算机系统，就无法保持数据的完整性。