Question 23
Domain 3: Privacy, Data Stewardship, and User Rights
A privacy team decides to proceed with a data-related initiative even though some residual privacy risk remains. To support accountable cross-functional decision-making, what should be documented along with the risk acceptance?
Correct answer: B
Explanation
When residual privacy risk is accepted, the reasoning behind the data-related decision should be documented so the acceptance is accountable and traceable. — Document rationale for data-related decisions and risk acceptance.
Why each option is right or wrong
A. The technical architecture selected for future system upgrades
The requirement is to document the reasoning for the data-related decision and the acceptance of risk.
B. The rationale for the data-related decision that led to accepting the risk
The source states to document rationale for data-related decisions and risk acceptance. In this scenario, the team accepted residual privacy risk, so the supporting rationale for that data-related decision must be recorded with the acceptance.
C. The names of all employees who were informed about the decision
The requirement addresses decision reasoning and risk acceptance, not a list of everyone notified.
D. The projected business revenue expected from the initiative
The requirement is broader than financial outcomes and specifically calls for the decision rationale and risk acceptance.