Question 6
Domain 1 — Privacy Governance and Program Management
To ensure effective management of an organization's data privacy policy, senior leadership MUST define:
Correct answer: B
Explanation
Effective privacy governance requires senior leadership to define accountability for oversight. A data privacy policy must specify the "roles and responsibilities of the person with oversight" so there is clear authority to implement, monitor, and enforce the policy across the organization.
Why each option is right or wrong
A. training and testing requirements for employees handling personal data
Training requirements are operational controls, not the core leadership accountability definition for policy oversight.
B. roles and responsibilities of the person with oversight
Under the privacy governance requirement, senior leadership must assign clear accountability for policy administration by defining who has oversight and what that person is responsible for; without that designation, the policy cannot be effectively implemented or monitored. This aligns with the governance principle that management must establish authority, responsibility, and reporting lines for privacy controls, rather than leaving oversight implicit or informal.
C. metrics and outcomes recommended by external agencies
External agencies may inform guidance, but leadership must define internal accountability, not just outside metrics.
D. the scope and responsibilities of the data owner
A data owner manages specific data assets; policy oversight is a broader governance responsibility.