Exam CIPT topic 1 question 30 discussion

C. Applying audit trails to resources to monitor company personnel goes beyond just controlling access—it actively monitors and records how data is used after access is granted. This is crucial for limiting data use because it provides a mechanism to detect and respond to any misuse or unauthorized use of data within the organization. In summary: A and D are about controlling access and rights, but C specifically focuses on limiting data use by providing continuous oversight through monitoring and auditing, making it the best option for improving the system of limiting data use.

DRM helps control access to digital content and restricts how data is used, ensuring that only authorized individuals can access and manipulate it.

Instituting a system of user authentication for company personnel.

I think D

Answer is D, based on Privacy in Technology book. All answer is correct, but base on priority, first one is explicit consent on secondary use, second is user authentication

C is correct. DRM is more related to end users. For systems you should rely on audit logs to monitor usage of data.

Digital Rights Management: This is used to ensure that digital content is only delivered to those who are authorized to receive it. It can also limit what assigned users can do with the content. For example, a person may be permitted to read a © International Association of Privacy Professionals 10 the document, but not allowed to print it, email it to others, copy content from it or modify it.