Question 40
Domain 1: Privacy Program Framework and Strategy
An organization is designing its privacy program and is deciding how to define program objectives. Which statement BEST distinguishes legal compliance goals from broader privacy risk management goals?
Correct answer: B
Explanation
Legal compliance goals focus on meeting specific applicable laws and regulatory requirements, while privacy risk management goals extend beyond minimum legal duties to identify, assess, and address broader privacy harms and organizational exposures. — Source material: Distinguish between legal compliance goals and broader privacy risk management goals; Key Terms: legal compliance, privacy risk management.
Why each option is right or wrong
A. Legal compliance goals and privacy risk management goals both focus only on satisfying explicit statutory requirements.
Privacy risk management includes broader privacy concerns, not just explicit legal requirements.
B. Legal compliance goals aim to meet applicable legal requirements, while privacy risk management goals address wider privacy risks beyond strict legal mandates.
The source distinguishes legal compliance from broader privacy risk management. In this context, compliance goals are tied to applicable legal requirements, whereas privacy risk management goals are broader and include addressing privacy risks even when no specific legal mandate directly requires a control.
C. Legal compliance goals are broader because they include ethical and reputational concerns, while privacy risk management goals are limited to regulatory enforcement.
Legal compliance is narrower and tied to legal requirements; broader concerns fall under privacy risk management.
D. Legal compliance goals apply only after a privacy incident occurs, while privacy risk management goals apply before an incident occurs.
Legal compliance obligations are ongoing and not limited to post-incident situations.