Exam CISM topic 1 question 40 discussion

The Correct answer is C cause it is the only one that could be interpreted as a statement. The rest are either contracts or requirements. A is incorrect cause a limited liability clause is a contract that limits the amount of money or damages that one party can recover from another party for breaches or performance failures. But the privacy statement is statement not a contract. B. Access Controls requirements are not a statement C. Explaining how information is used could be a statement. D. B. Access Controls requirements are not a statement

The corporate privacy statement on a public website typically should include an explanation of how the organization collects, uses, processes, and shares the personal information of visitors. This section helps individuals understand how their information will be handled and provides transparency about the organization's privacy practices. While the other options may be relevant in certain contexts, the most essential element to include in a privacy statement is an explanation of how the organization intends to use the collected information. This is a fundamental aspect of privacy disclosures and compliance with privacy regulations.

C The primary purpose of a corporate privacy statement on a public website is to inform users about how their data will be used, shared, and protected, in accordance with privacy regulations and best practices.

C. We're talking about privacy. You are choosing to use our site so we aren't liable for what happens, its your choice to be there. However, we WANT you to use our site in most cases so we want to inform you about how we're using your data even if its not required by laws such as CCPA, PIPEDA or GDPR.

Focus is on "privacy statement "

C, as this explains the terms and conditions of acceptable use of information for a public website.

C. Explanation of information usage

C is correct

Limited liability clause