A company's human resources (HR) group is working with their information security team lo tag data within their systems as ''special data" or "sensitive data" What is the most probable reason for the group to do so?
SCENARIO
Please use the following lo answer the next question:
You are the privacy manager within the privacy office of a National Forest Parks and Recreation Department. While having lunch with a colleague from the IT division, you learn that the IT director has put out a request for proposal (RFP) which calls for a system that collects the personal data of park attendees.
You consult with a few other colleagues in IT and learn that the RFP is worded such that it leaves it to the vendors to demonstrate what information they would collect from people who enter parks anywhere in the country, either in a vehicle or on foot. A partial list of the information collected includes:
• personal identifiers such as name, address, age, gender;
• vehicle registration information:
• facial images of park attendees;
• health information (e.g.. physical disabilities, use of mobility devices)
The stated purpose of the RFP is to:
"Improve the National Forest. Parks, and Recreation Department's ability to track and monitor service usage thereby Increasing the robustness of our customer data and to improve service offerings.''
Companies have already started submitting proposals for software solutions that address these information gathering practices. There is only one week left before the RFP closes.
The IT department has put together an RFP evaluation team but no one from the privacy office has been a Dart of the RFP ud to this point. This occurred deposite the fact….
From a privacy management perspective, what is problematic about the "stated purpose" of the RFP?
How are individual program needs and specific organizational goals identified in privacy framework development?
SCENARIO
Please use the following lo answer the next question:
You are the privacy manager within the privacy office of a National Forest Parks and Recreation Department. While having lunch with a colleague from the IT division, you learn that the IT director has put out a request for proposal (RFP) which calls for a system that collects the personal data of park attendees.
You consult with a few other colleagues in IT and learn that the RFP is worded such that it leaves it to the vendors to demonstrate what information they would collect from people who enter parks anywhere in the country, either in a vehicle or on foot. A partial list of the information collected includes:
• personal identifiers such as name, address, age, gender;
• vehicle registration information:
• facial images of park attendees;
• health information (e.g.. physical disabilities, use of mobility devices)
The stated purpose of the RFP is to:
"Improve the National Forest. Parks, and Recreation Department's ability to track and monitor service usage thereby Increasing the robustness of our customer data and to improve service offerings.''
Companies have already started submitting proposals for software solutions that address these information gathering practices. There is only one week left before the RFP closes.
The IT department has put together an RFP evaluation team but no one from the privacy office has been a Dart of the RFP ud to this point. This occurred deposite the fact….
Which of the following is the least important privacy consideration associated with assessing data when implementing a large-scale project like this?
“Respond” in the privacy operational lifecycle includes which of the following?
When implementing Privacy by Design (PbD), what would NOT be a key consideration?
SCENARIO
Please use the following to answer the next QUESTION:
Your organization, the Chicago (U.S.)-based Society for Urban Greenspace, has used the same vendor to operate all aspects of an online store for several years. As a small nonprofit, the Society cannot afford the higher-priced options, but you have been relatively satisfied with this budget vendor, Shopping Cart Saver (SCS). Yes, there have been some issues. Twice, people who purchased items from the store have had their credit card information used fraudulently subsequent to transactions on your site, but in neither case did the investigation reveal with certainty that the Society’s store had been hacked. The thefts could have been employee-related.
Just as disconcerting was an incident where the organization discovered that SCS had sold information it had collected from customers to third parties. However, as Jason Roland, your SCS account representative, points out, it took only a phone call from you to clarify expectations and the “misunderstanding” has not occurred again.
As an information-technology program manager with the Society, the role of the privacy professional is only one of many you play. In all matters, however, you must consider the financial bottom line. While these problems with privacy protection have been significant, the additional revenues of sales of items such as shirts and coffee cups from the store have been significant. The Society’s operating budget is slim, and all sources of revenue are essential.
Now a new challenge has arisen. Jason called to say that starting in two weeks, the customer data from the store would now be stored on a data cloud. “The good news,” he says, “is that we have found a low-cost provider in Finland, where the data would also be held. So, while there may be a small charge to pass through to you, it won’t be exorbitant, especially considering the advantages of a cloud.”
Lately, you have been hearing about cloud computing and you know it’s fast becoming the new paradigm for various applications. However, you have heard mixed reviews about the potential impacts on privacy protection. You begin to research and discover that a number of the leading cloud service providers have signed a letter of intent to work together on shared conventions and technologies for privacy protection. You make a note to find out if Jason’s Finnish provider is signing on.
After conducting research, you discover a primary data protection issue with cloud computing. Which of the following should be your biggest concern?
(All of the following are the responsibilities of the privacy professional EXCEPT?)
TESTED 19 Jan 2026
