Question 30
Domain 1: Privacy Program Framework and Strategy
A privacy leader is defining program objectives for a new enterprise privacy program. Which objective best reflects a broader privacy risk management goal rather than a legal compliance goal?
Correct answer: C
Explanation
Legal compliance focuses on meeting specific applicable laws and requirements, while privacy risk management addresses broader potential harms and organizational exposure beyond explicit legal mandates. — Source material: Distinguish between legal compliance goals and broader privacy risk management goals.
Why each option is right or wrong
A. Ensure required privacy notices satisfy applicable statutory and regulatory obligations.
Legal compliance centers on meeting applicable statutory and regulatory requirements.
B. Implement controls needed to fulfill explicit obligations imposed by privacy laws.
Legal compliance is aimed at satisfying explicit obligations created by law.
C. Reduce potential privacy harms and organizational exposure even where no specific law requires action.
The source distinguishes broader privacy risk management goals from legal compliance goals. This objective goes beyond satisfying a specific legal requirement and instead focuses on reducing potential privacy harms and organizational exposure even when no law expressly mandates the control, which is the defining feature of privacy risk management in this scenario.
D. Verify processing activities align with the minimum requirements established by applicable law.
Legal compliance focuses on alignment with the requirements established by applicable law.