Question 33
Domain 3: Privacy, Data Stewardship, and User RightsA product team wants to add several new personal data fields to a signup form. Under the principle of necessity of proposed collection, what should the team determine first?
Correct answer: B
Explanation
Data collection should be limited to information that is needed to achieve a defined business objective. Before collecting additional data, assess whether each proposed element is necessary for that objective. — Assess whether proposed data collection is necessary for the business objective.
Why each option is right or wrong
A. Whether the new fields could be useful for future unspecified analysis
Collection must be tied to a defined business objective, not possible future use.
B. Whether each new field is necessary to meet the business objective
The governing principle here is to assess whether proposed data collection is necessary for the business objective. Because the team plans to add new personal data fields, the first step is to evaluate each field against that objective and collect only what is needed.
C. Whether the team has the technical ability to store the additional data
Technical capacity does not determine whether collection is necessary for the objective.
D. Whether competitors commonly request similar information at signup
Necessity depends on the business objective, not industry imitation.