The most effective way to assess a privacy program is to analyze the life cycle of sensitive data. This includes how personal or confidential data are collected, classified, used, stored, shared, retained, archived, and destroyed. Privacy effectiveness depends on whether controls operate throughout the full data life cycle, not merely whether policies exist. Employee interviews may provide useful context but are not sufficient. Penetration tests assess technical security weaknesses, not the overall privacy program. Reviewing policies and procedures confirms design but does not prove operational effectiveness. Internal audit should trace sensitive data flows, assess consent, access, retention, third-party sharing, breach response, and monitoring. Therefore, Option D is correct.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit