Question 4
Domain 3: The Privacy Technologist’s Role in the OrganizationA company needs to clarify who is responsible, accountable, consulted, and informed when a model feature change increases privacy risk. Which artifact best fits this need?
Correct answer: A
Explanation
A RACI matrix assigns roles as “Responsible, Accountable, Consulted, and Informed,” which is exactly what the company needs to clarify for a model feature change. It is used to map who does the work, who owns the decision, who provides input, and who must be kept informed when privacy risk increases.
Why each option is right or wrong
A. A RACI matrix
A RACI matrix is the standard project-governance artifact for assigning four explicit role states—Responsible, Accountable, Consulted, and Informed—so it directly answers a need to clarify ownership and communication paths around a change. In a model feature change that raises privacy risk, it is the appropriate document to show who executes the change, who approves it, who must be consulted on the risk, and who must be notified; no statute or regulation is required here because the question is about organizational role definition rather than a legal compliance threshold.
B. A destruction certificate
C. A network topology map
D. A breach notification template