Data Protection & Compliance

Target score: 8-9 out of 10

Estimated time: 10 minutes

Question 1 of 10

A hospital discovers that a former employee copied 5,000 patient medical records containing treatment histories and insurance information onto a USB drive before leaving the organization. The records include patient names, social security numbers, and dates of birth. Which data classification best describes this compromised information?

Question 2 of 10

A tech startup has just suffered a data breach where sensitive customer financial data was stolen. The Chief Executive Officer (CEO) has an immediate concern about the tangible penalties the company will face. What is the CEO primarily concerned with in this situation?

Question 3 of 10

A multi-national corporation stores customer data in the United States, the European Union, and China. They learn that data protection laws differ significantly between these locations. They need to comply with the laws in all locations. What principle describes this legal requirement?

Question 4 of 10

Under GDPR, a European customer contacts a social media company and formally requests that all their personal data, including posts, messages, and profile information, be permanently deleted from the company's systems. Which right is the customer using?

Question 5 of 10

A software development company discovers that several developers have installed unlicensed software downloaded from piracy websites to save costs. What is the PRIMARY risk associated with the use of unlicensed software?

Question 6 of 10

An organization implements a mandatory policy requiring all employees to lock their computer screens when away from their desks, store sensitive documents in locked drawers, and erase whiteboards containing confidential information at the end of each day. Which personnel security control does this policy represent?

Question 7 of 10

A bank's security team discovers that a single employee has been both processing expense claims and approving them, allowing them to authorize fraudulent expense payments to their personal bank account. Which control should the bank implement to prevent this type of fraud in the future?

Question 8 of 10

A company wants to improve employee security behavior and reduce successful phishing attacks. They implement a program where employees receive points and badges for completing security training modules, with a leaderboard showing top performers. Which training technique is being used?

Question 9 of 10

A healthcare organization currently retains patient medical records indefinitely. The organization's Data Protection Officer (DPO) is concerned about the potential consequences. What is their PRIMARY concern?

Question 10 of 10

A company is concerned that it is too dependent on a small number of critical employees. It wishes to test its resilience to disasters and serious incidents. It proposes a new policy under which critical employees take enforced breaks from their current roles while other employees take over their duties and check their work for mistakes and fraud. What is the BEST description of this policy?