Question 31
Domain 3: Privacy, Data Stewardship, and User RightsA company is planning a new customer-facing feature that will collect and use personal data in a different way than existing services. To address privacy risks in cross-functional business decision-making, which group should be coordinated as part of the review?
Correct answer: B
Explanation
Privacy risk decisions should be coordinated across the relevant business functions rather than handled by a single team in isolation. The core functions to align are legal, compliance, security, data, and product teams. — Coordinate privacy considerations among legal, compliance, security, data, and product teams.
Why each option is right or wrong
A. Only the legal and compliance teams should review the feature before launch.
Privacy coordination includes security, data, and product teams in addition to legal and compliance.
B. Legal, compliance, security, data, and product teams should coordinate the review.
The source material states that privacy considerations should be coordinated among legal, compliance, security, data, and product teams. Because the feature changes how personal data is collected and used, the review should include all five functions rather than a narrower subset.
C. Only the security and data teams should assess the feature because personal data is involved.
Privacy coordination also includes legal, compliance, and product teams, not only security and data.
D. The product team can decide independently and consult others only if an issue is found later.
Privacy considerations should be coordinated across functions, not deferred until after independent product decisions.