ISACA Advanced in AI Audit (AAIA) Question #12, Topic 2 Discussion
Question #: 12
Topic #: 2
An organization plans to share customer data collected through an AI system with third-party vendors. Which of the following BEST demonstrates compliance with data privacy principles?
A. Including a statement about AI data sharing practices in the company's privacy policy
B. Obtaining expressed consent from customers before sharing their data
C. Communicating to customers about AI data sharing practices
D. Ensuring vendors implement adequate technical safeguards for data protection
The strongest demonstration of compliance with privacy principles—especially those emphasized in AAIA, such as lawfulness, transparency, and consent—is obtaining expressed customer consent (B) before sharing data with third parties. Consent ensures that data processing aligns with legal and ethical requirements, reducing risks related to regulatory violations, unauthorized processing, and loss of customer trust.
Options A and C relate only to disclosure and transparency, which are necessary but insufficient. Option D concerns vendor security controls, which are important but do not address the legal basis for sharing data. Explicit, informed consent is the highest standard of compliance for third-party data sharing.
References: ISACA, AAIA Exam Content Outline, Domain 5: Legal Requirements and Data Privacy in AI; ISACA data governance guidance on lawful basis and consent.