It's crylstal clear on OECD's privacy guidelines and I don't know what they are talking about hahaha
Collection limitation principle - limit the collection of personal data to only what is needed to provide a service, obtain the personal data lawfully and, where appropriate, with the knowledge or consent of the data subject.
The acquisition of personal data being obtained by a lawful and fair means is an example of the Collection Limitation Principle.
The Collection Limitation Principle is one of the fundamental principles of data protection and privacy. It states that personal data should be collected by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.
CISSP Official Study Guide pg 166 "The key provisions of the GDPR include the following:
- Lawfulness, fairness, and transparency says that you must have a legal basis for processing personal information, you must not process data in a manner that is misleading or detrimental to data subjects, and you must be open and honest about data processing activities.
- Purpose limitation says that you must clearly document and disclose the purposes for which you collect data and limit your activity to disclosed purposes.
..."
- Data minimization says that you must ensure that the data you process is adequate for your stated purpose and limited to what you actually need for that purpose.
- Accuracy says that the data you collect, create, or maintain is correct and not misleading, that you maintain updated records, and that you correct or erase inaccurate data.
- Storage limitation says that you keep data only for as long as it is needed to fulfill a legitimate, disclosed purpose and that you comply with the "right to be forgotten" that allows people to require companies to delete their information if it is no longer needed
- Security says that you must have appropriate integrity and confidentiality controls in place to protect data.
- Accountability says that you must take responsibility for actions you take with protected data and that you must be able to demonstrate your compliance."
"A" - (1) The Collection Limitation Principle. There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
A is correct..
reference https://itlaw.fandom.com/wiki/Fair_Information_Practice_Principles
upvoted 2 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
kjfdhfkjh
4 weeks agonoh_ssiw_l
1 year, 3 months agoBach1968
1 year, 5 months agoRVoigt
1 year, 9 months agoRVoigt
1 year, 9 months agocccispman
1 year, 12 months agojackdryan
1 year, 7 months agoJamati
2 years, 1 month agofranbarpro
2 years, 2 months agoN00b1e
2 years, 3 months agobherto39
2 years, 3 months ago