Question 21
Domain 3: Privacy, Data Stewardship, and User RightsA product team wants to add several new personal data fields to a registration form for a future marketing initiative. Under the principle of necessity of proposed collection, what should the team do first?
Correct answer: B
Explanation
Data should be collected only when it is necessary to achieve a defined business objective. Before adding new fields, evaluate whether each proposed data element is actually needed for that objective. — Assess whether proposed data collection is necessary for the business objective.
Why each option is right or wrong
A. Collect the fields now if they might become useful for later analysis
Collection should be tied to a necessary business objective, not possible future usefulness.
B. Determine whether each proposed field is necessary for the stated business objective
The governing principle here is to assess whether proposed data collection is necessary for the business objective. Because the team wants to add new personal data fields, the correct first step is to evaluate each field against the stated objective and collect only what is needed.
C. Add the fields if the registration form has enough space to display them clearly
Necessity depends on the business objective, not form design or available space.
D. Approve the fields if they are related to general business interests across the company
The test is necessity for the specific business objective, not broad organizational interest.