Question 1 · Security and Risk Management
A multinational corporation is preparing to implement a new global privacy compliance program. Which approach would BEST align with comprehensive risk management principles?
- Write a single US-based privacy policy and apply it without change across every region
- Depend entirely on the organization's existing IT security controls to manage privacy risk
- Maintain a wholly separate and independent privacy policy for each country of operation
- Develop a unified privacy framework that considers regional regulations and conducts a thorough data mapping exercise
Correct answer: Develop a unified privacy framework that considers regional regulations and conducts a thorough data mapping exercise
A comprehensive approach requires understanding the nuanced privacy requirements across different jurisdictions while creating a unified framework. This strategy addresses the complexity of trans-border data flows and ensures compliance with regulations like GDPR, CCPA, and other regional privacy laws.





