Question 19
Domain 5: Protecting Personal Data Through Operational ControlsWhich element should be defined for each data classification level?
Correct answer: B
Explanation
Each data classification level should specify how the data must be protected and used, including storage, access, and sharing requirements. A required data handling standard gives clear rules for handling information at each level, which is the purpose of classification.
Why each option is right or wrong
A. A separate legal entity
B. A required data handling standard for storage, access, and sharing
Data classification schemes are expected to pair each level with mandatory handling rules so users know the minimum protections required for that category of information. In practice, the defining element is the prescribed handling standard for how the data may be stored, who may access it, and how it may be shared; without those controls, the classification label has no operational meaning.
C. A marketing owner
D. A public website location