Comprehensive and Detailed Explanation:
While privacy laws require appropriate technical security controls, most laws do not specify exactly which controls must be used. Instead, they mandate organizations to adopt "appropriate technical and organizational measures".
Option A (Part of data governance strategy) is correct because security controls support data protection and privacy governance.
Option B (Often satisfy multiple jurisdictions) is correct since common security measures (e.g., encryption, access controls) align with various privacy regulations.
Option D (Security expert involvement) is correct because deploying security controls requires specialized knowledge.
[Reference:CIPM Official Textbook, Module: Privacy and Data Security – Section on Legal Requirements for Technical Controls., , ]
Submit