GRC GRC Data Privacy and Information Governance

Question 1

Which U.S. federal law primarily governs the privacy of health information held by covered entities and their business associates?

Accepted Answer

HIPAA

Answer

FERPA

Answer

GLBA

Answer

CCPA

Question 2

Under the NIST Privacy Framework, which core function focuses on developing organizational understanding to manage privacy risk?

Accepted Answer

Identify-P

Answer

Protect

Answer

Respond-P

Answer

Control

Question 3

A data governance policy that defines who can access, modify, and delete data is best described as a:

Accepted Answer

Data access control policy

Answer

Data retention schedule

Answer

Data stewardship policy

Answer

Data classification matrix

Question 4

Which concept requires organizations to collect only the minimum amount of personal data necessary for a stated purpose?

Accepted Answer

Data minimization

Answer

Data sovereignty

Answer

Data portability

Answer

Data residency

Question 5

The California Consumer Privacy Act (CCPA) grants California residents the right to:

Accepted Answer

Know what personal data is collected about them and request its deletion

Answer

Sue employers for wage theft

Answer

Access competitor pricing information

Answer

Opt out of paying state taxes on data services

Question 6

In information governance, a 'data owner' is best defined as:

Accepted Answer

The business unit accountable for the accuracy and use of a data set

Answer

The IT administrator who backs up the data

Answer

The vendor who stores the data on their servers

Answer

The auditor who reviews data quality annually