GRC GRC Data Privacy and Information Governance

Question 1

Which U.S. federal law primarily governs the privacy of health information held by covered entities and their business associates?

Accepted Answer

HIPAA

Answer

HIPAA (Health Insurance Portability and Accountability Act) establishes national standards for protecting sensitive patient health information.

Question 2

Under the NIST Privacy Framework, which core function focuses on developing organizational understanding to manage privacy risk?

Accepted Answer

Identify-P

Answer

The Identify-P function in the NIST Privacy Framework helps organizations understand the privacy risks associated with data processing activities.

Question 3

A data governance policy that defines who can access, modify, and delete data is best described as a:

Accepted Answer

Data access control policy

Answer

A data access control policy formally defines the rules governing who may access, alter, or remove organizational data assets.

Question 4

Which concept requires organizations to collect only the minimum amount of personal data necessary for a stated purpose?

Accepted Answer

Data minimization

Answer

Data minimization is the principle of limiting personal data collection to what is directly relevant and necessary to accomplish a specified purpose.

Question 5

The California Consumer Privacy Act (CCPA) grants California residents the right to:

Accepted Answer

Know what personal data is collected about them and request its deletion

Answer

CCPA gives California residents rights including knowing what personal data businesses collect, the right to delete it, and the right to opt out of its sale.

(GRC) Governance, Risk, and Compliance Certification Practice Test

(GRC) Governance, Risk, and Compliance Certification Practice Test

GRC GRC Data Privacy and Information Governance