CTO CTO Regulatory Compliance & Legal

Question 1

Under GDPR, which role is responsible for ensuring technology systems process personal data lawfully, and what is their primary obligation?

Accepted Answer

The Data Protection Officer (DPO), who oversees compliance and advises on data protection obligations

Answer

The DPO is the designated compliance role under GDPR responsible for monitoring data protection practices and serving as the point of contact for supervisory authorities.

Question 2

A US-based healthcare technology company must ensure its platform complies with patient data privacy requirements. Which regulation is primarily applicable?

Accepted Answer

HIPAA (Health Insurance Portability and Accountability Act)

Answer

HIPAA sets the federal standard for protecting sensitive patient health information (PHI) in the United States, applying to covered entities and their business associates.

Question 3

What is a Software Bill of Materials (SBOM) and why is it increasingly required by US regulators for technology vendors?

Accepted Answer

A formal inventory of software components and dependencies used in a product, required to identify supply chain vulnerabilities

Answer

An SBOM provides transparency into the open-source and third-party components within software, enabling organizations to quickly assess exposure when new vulnerabilities are disclosed.

Question 4

The Sarbanes-Oxley Act (SOX) Section 404 has significant implications for CTOs of publicly traded US companies. What does it primarily require?

Accepted Answer

Management to assess and report on the effectiveness of internal controls over financial reporting, including IT controls

Answer

SOX Section 404 requires management to evaluate and attest to the effectiveness of internal controls over financial reporting, with IT general controls being a critical component.

Question 5

A CTO is launching a product that collects personal data from California residents. Which state privacy law must the product comply with?

Accepted Answer

California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)

Answer

The CCPA (amended by CPRA) grants California residents rights over their personal data and imposes obligations on businesses that collect or sell that data.

(CTO) Certified Chief Technology Officer Practice Test

(CTO) Certified Chief Technology Officer Practice Test

CTO CTO Regulatory Compliance & Legal