Before planning the assessment, priority areas need to be determined by conducting a Risk Management exercise. To adequately identify such priority areas, what possible parameters could be considered? (Tick all that apply)
A.
Degree of harm that could result from potential privacy breach
B.
Functions / processes involved in data collection from end customers
C.
Business-related IP dealt by a process/function
D.
Degree of involvement of third parties in processing personal information
E.
Deployment of technology solutions that could potentially intrude privacy
F.
Functions / processes dealing with sensitive personal information such as Personal Health Information (PHI), credit card information, biometrics, among others
C (business-related IP) is typically an information security concern, not a privacy concern unless it involves personal data.
==============
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit