Question 3
Domain 1 — Privacy Governance and Program Management
Of the following, who should be PRIMARILY accountable for creating an organization’s privacy management strategy?
Correct answer: D
Explanation
A chief privacy officer is the executive role focused on privacy governance and compliance, so this position is primarily responsible for setting the organization’s privacy management strategy. The CPO typically defines privacy policies, oversees implementation, and ensures the program aligns with legal and regulatory requirements.
Why each option is right or wrong
A. Chief data officer (CDO)
A CDO focuses on data value, governance, and analytics, not primary privacy program accountability.
B. Privacy steering committee
A privacy steering committee provides cross-functional guidance and oversight, but committees usually support the strategy rather than own it.
C. Information security steering committee
An information security steering committee addresses security risk; privacy is broader than security alone and requires its own executive ownership.
D. Chief privacy officer (CPO)
Under common privacy governance frameworks, the chief privacy officer is the executive designated to establish and direct the enterprise privacy program, including policy-setting, risk oversight, and alignment with applicable legal obligations. By contrast, operational managers and IT/security staff may implement controls, but the CPO holds primary accountability for the organization’s privacy management strategy at the leadership level.