Question 31
Domain 5: Protecting Personal Data Through Operational Controls
An organization collects personal data for a stated business purpose. Which action best aligns its data practices with that purpose and with legal requirements?
Correct answer: B
Explanation
Personal data handling should stay consistent with the purpose originally stated and must also satisfy applicable legal requirements. Collection, use, sharing, and retention should be limited to what those purposes and requirements support. — Ensure personal data practices align with stated purposes and legal requirements.
Why each option is right or wrong
A. Use the data for any internal objective if the data was collected lawfully at the start.
Lawful collection does not authorize later uses beyond stated purposes and legal requirements.
B. Limit collection, use, sharing, and retention to what matches the stated purposes and applicable law.
The source states that personal data practices must align with stated purposes and legal requirements. Limiting collection, use, sharing, and retention to what matches those purposes and applicable law is the action that fits both conditions in the question.
C. Share the data broadly across the organization as long as no external disclosure occurs.
Internal sharing must also align with stated purposes and legal requirements.
D. Retain the data indefinitely if it may become useful for future business activities.
Retention must align with stated purposes and legal requirements, not possible future usefulness.