Question 8
Which statement about executive oversight is most accurate in a mature privacy program?
Correct answer: A
Explanation
Senior leadership oversight is essential because privacy risk reaches beyond compliance and can affect "revenue, product strategy, enforcement, and reputation." In a mature privacy program, executives must guide decisions where privacy impacts business operations and enterprise risk.
Why each option is right or wrong
A. Senior leadership oversight matters because privacy risk can affect revenue, product strategy, enforcement, and reputation
In a mature privacy program, executive oversight is expected because privacy risk is an enterprise risk, not just a legal-control issue; senior leaders must weigh its impact on business outcomes such as revenue, product roadmap decisions, regulatory enforcement exposure, and brand/reputation. This aligns with the governance expectations reflected in frameworks like the NIST Privacy Framework and ISO/IEC 27701, which place accountability at the top of the organization rather than limiting it to operational privacy staff.
B. Executives should never hear about privacy unless a lawsuit is filed
C. Privacy is too technical for leadership reporting
D. Executive oversight replaces the need for operational controls