Question 29
Domain 1: Privacy Program Framework and StrategyA privacy program is being integrated into business operations. Which approach best establishes intake and escalation paths for privacy review?
Correct answer: B
Explanation
Privacy governance should include defined intake and escalation paths so new processing activities and material changes are routed for review before decisions are finalized. — Establish intake and escalation paths for new processing activities and material changes.
Why each option is right or wrong
A. Review only customer complaints to determine whether processing changes need privacy attention.
Intake and escalation are established for new processing activities and material changes, not only complaint-driven events.
B. Create a defined process to route new processing activities and material changes for privacy intake and escalation.
The source states that intake and escalation paths should be established for new processing activities and material changes. A defined routing process directly addresses both required triggers in this scenario: new processing and material change.
C. Require escalation only after a processing activity has launched and produced measurable privacy incidents.
Escalation paths are tied to new processing activities and material changes, not only post-launch incidents.
D. Limit intake to projects involving sensitive data and allow all other processing changes to proceed automatically.
The stated trigger is new processing activities and material changes without limiting intake to one data category.