Question 1
Domain 1 — Privacy Governance and Program Management
What is the PRIMARY means by which an organization communicates customer rights as they relate to the use of their personal information?
Correct answer: C
Explanation
A privacy notice is the primary way an organization tells customers how their personal information is collected, used, shared, and protected. It communicates customer rights by stating the organization’s privacy practices and any choices or access rights available to the customer.
Why each option is right or wrong
A. Distributing a privacy rights policy
A privacy rights policy is usually an internal or less standard term, not the main customer notice.
B. Mailing rights documentation to customers
Mailing documentation is a delivery method, not the primary formal mechanism for privacy transparency.
C. Publishing a privacy notice
Under common privacy-law frameworks, the organization’s formal disclosure to individuals is the privacy notice, which is the document used to explain how personal information is collected, used, disclosed, retained, and safeguarded, along with any access, correction, opt-out, or complaint rights. For example, the GDPR requires transparent information to be provided at collection under Articles 12–14, and the CCPA/CPRA requires a notice at collection and a privacy policy describing categories, purposes, and consumer rights; those notices are the primary vehicle for communicating those rights, not ad hoc statements or internal policies.
D. Gaining consent when information is collected
Consent captures permission at collection time but does not fully describe all customer rights.