An organization is establishing a privacy program to ensure that personally identifiable information (PII) is properly protected. What is the FIRST action the organization should take to establish the program?
A.
Appoint a senior official to oversee the privacy program.
B.
Allocate sufficient resources to implement the privacy program.
C.
Develop a strategic organizational privacy plan.
The FIRST action an organization should take to establish a privacy program to ensure that personally identifiable information (PII) is properly protected is to appoint a senior official to oversee the privacy program (Option A).
The senior official should have the authority to implement and manage the privacy program across the organization. This person should have a clear understanding of the importance of privacy and the relevant laws and regulations that apply to the organization's operations. Appointing a senior official to oversee the privacy program demonstrates the organization's commitment to protecting personal information, and provides clear leadership and accountability for the privacy program.
ANSWER: C. Develop a strategic organizational privacy plan.
This link also has first step as develop a plan - no mention of appointing a CPO
https://www.linkedin.com/pulse/six-steps-developing-robust-privacy-program/
ANSWER: C. Develop a strategic organizational privacy plan.
There is no mention of appointing a senior official in the NIST publication; it only talks about creating a privacy plan and the safeguards for privacy.
https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-122.pdf#page=24&zoom=100,92,96
It does make sense to appoint someone to be the privacy officer, but if I can't find that in the documentation, I"m not using that answer on the test.
Answer A) Appoint a senior official to oversee the privacy program.
my reasoning is based on "which came first, the chicken or egg" You need someone to lead and develop the program....if not, how are you going to come up with a strategy
A. Appoint a senior official to oversee the privacy program.
The first action an organization should take when establishing a privacy program is to appoint a senior official, such as a Chief Privacy Officer (CPO) or Data Protection Officer (DPO), to oversee the program. This individual will be responsible for ensuring that privacy policies and procedures are developed, implemented, and enforced throughout the organization. They play a crucial role in championing privacy initiatives, monitoring compliance with privacy laws and regulations, and acting as a point of contact for privacy-related matters. Once this senior official is in place, they can then proceed with allocating resources, developing a strategic plan, and monitoring privacy laws and policy changes as part of the broader privacy program.
This is what I found in NIST 800-122:
To establish a comprehensive privacy program that addresses the range of privacy issues that organizations may face, organizations should take steps to establish policies and procedures that address all of the Fair Information Practices.
Nothing mentioned about opt. A. Going with C.
Determining the session timeout requirement for an application based on its specific requirements is the best approach because it ensures that the timeout setting will be appropriate for the application's particular security and usability needs.
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
user009
Highly Voted 1 year, 10 months agojackdryan
1 year, 7 months agoJBAnalyst
Most Recent 6 months agoCCNPWILL
6 months, 3 weeks agoGuardianAngel
10 months, 3 weeks agoGuardianAngel
10 months, 3 weeks agoYesPlease
1 year agoviewfirst01
9 months, 2 weeks agoSoleandheel
1 year agoisaac592
1 year, 2 months agoMeowson
1 year, 6 months agoemrys
1 year, 9 months ago