Exam CISSP topic 1 question 405 discussion

I vote for D. ChatGPT4.0 says: The privacy regulation that should concern the Chief Data Officer (CDO) regarding the marketing department's practice of collecting information from individuals without their knowledge and consent via the company website is: D. The Personal Information Protection and Electronic Documents Act (PIPEDA)

D. The Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA is Canada's federal privacy law governing the collection, use, and disclosure of personal information by private sector organizations. It sets out rules for how organizations must handle individuals' personal information, including obtaining consent for the collection and use of personal data. Violating PIPEDA by collecting information without consent can result in significant penalties and fines. Therefore, the CDO should be concerned about ensuring compliance with PIPEDA and rectifying the unauthorized data collection practice.

CISSP official guide 9th Edition, Pg 167.... canadian law affects the processing of personal information related to Canadian residents. (PIPEDA) is a national-level law that restricts how commercial business may collect, use and disclose personal information.

According to CISSP official guide 9th Edition, Pg 173 The United States has a number of privacy laws that affect the government’s use of information as well as the use of information by specific industries, such as financial services companies and healthcare organizations that handle sensitive information. The EU has a more comprehensive General Data Protection Regulation that governs the use and exchange of personal information. In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) governs the use of personal information

D is right.