Which of the following observations should be of MOST concern to an IT privacy practitioner during an evaluation of an organization’s privacy practices?
A. Employee records are maintained on a shared drive
B. Email is sent out without a data classification label
C. Third-party service desk staff can view limited customer data
D. Tokens for personally identifiable data are stored as database fields
Storing tokens of PII directly in database fields undermines the security of tokenization and risks re-identification, making it the most concerning issue. Shared drives (A) and lack of labels (B) are governance gaps, and limited third-party access (C) can be controlled contractually, but token misuse (D) poses direct privacy risk.
“Improper token storage can compromise de-identification, reintroducing privacy risk.”