CIPT 試験問題 91
SCENARIO
WebTracker Limited は、ロンドンに拠点を置くクラウドベースのオンライン マーケティング サービスです。昨年、WebTracker はその IT インフラストラクチャをクラウド プロバイダーの AmaZure に移行しました。AmaZure は、SQL データベースと人工知能サービスを WebTracker に提供しています。両社間の役割と責任は、データ管理者の役割を WebTracker に割り当てることを含む標準契約で正式に定められています。
WebTracker の CEO であるボンド氏は、AmaZure のプライバシー管理の有効性を評価したいと考えており、最近あなたを独立監査人として雇用することを決定しました。取り組みの範囲は、WebTracker が提供するマーケティング サービスのみに限定されており、人事や給与計算などの内部データ処理アクティビティは評価されません。
This ad-hoc audit was triggered due to a future partnership between WebTracker and SmartHome - a partnership that will not require any data sharing. SmartHome is based in the USA, and most recently has dedicated substantial resources to developing smart refrigerators that can suggest the recommended daily calorie intake based on DNA information. This and other personal data is collected by WebTracker.
To get an idea of the scope of work involved, you have decided to start reviewing the company's documentation and interviewing key staff to understand potential privacy risks.
The results of this initial work include the following notes:
* There are several typos in the current privacy notice of WebTracker, and you were not able to find the privacy notice for SmartHome.
* You were unable to identify all the sub-processors working for SmartHome. No subcontractor is indicated in the cloud agreement with AmaZure, which is responsible for the support and maintenance of the cloud infrastructure.
* There are data flows representing personal data being collected from the internal employees of WebTracker, including an interface from the HR system.
* Part of the DNA data collected by WebTracker was from employees, as this was a prototype approved by the CEO of WebTracker.
* All the WebTracker and SmartHome customers are based in USA and Canada.
Based on the initial assessment and review of the available data flows, which of the following would be the most important privacy risk you should investigate first?
WebTracker Limited は、ロンドンに拠点を置くクラウドベースのオンライン マーケティング サービスです。昨年、WebTracker はその IT インフラストラクチャをクラウド プロバイダーの AmaZure に移行しました。AmaZure は、SQL データベースと人工知能サービスを WebTracker に提供しています。両社間の役割と責任は、データ管理者の役割を WebTracker に割り当てることを含む標準契約で正式に定められています。
WebTracker の CEO であるボンド氏は、AmaZure のプライバシー管理の有効性を評価したいと考えており、最近あなたを独立監査人として雇用することを決定しました。取り組みの範囲は、WebTracker が提供するマーケティング サービスのみに限定されており、人事や給与計算などの内部データ処理アクティビティは評価されません。
This ad-hoc audit was triggered due to a future partnership between WebTracker and SmartHome - a partnership that will not require any data sharing. SmartHome is based in the USA, and most recently has dedicated substantial resources to developing smart refrigerators that can suggest the recommended daily calorie intake based on DNA information. This and other personal data is collected by WebTracker.
To get an idea of the scope of work involved, you have decided to start reviewing the company's documentation and interviewing key staff to understand potential privacy risks.
The results of this initial work include the following notes:
* There are several typos in the current privacy notice of WebTracker, and you were not able to find the privacy notice for SmartHome.
* You were unable to identify all the sub-processors working for SmartHome. No subcontractor is indicated in the cloud agreement with AmaZure, which is responsible for the support and maintenance of the cloud infrastructure.
* There are data flows representing personal data being collected from the internal employees of WebTracker, including an interface from the HR system.
* Part of the DNA data collected by WebTracker was from employees, as this was a prototype approved by the CEO of WebTracker.
* All the WebTracker and SmartHome customers are based in USA and Canada.
Based on the initial assessment and review of the available data flows, which of the following would be the most important privacy risk you should investigate first?
CIPT 試験問題 92
Which of the following does NOT illustrate the 'respect to user privacy' principle?
CIPT 試験問題 93
Which is NOT a way to validate a person's identity?
CIPT 試験問題 94
Users of a web-based email service have their accounts breached through compromised login credentials. Which possible consequences of the breach illustrate the two categories of Calo's Harm Dimensions?
CIPT 試験問題 95
侵害対応センターの主な機能は何ですか?