IIA Exam IIA-CIA-Part3 Topic 7 Question 72 Discussion

Actual exam question for IIA's IIA-CIA-Part3 exam

Question #: 72
Topic #: 7

Which of the following should internal auditors be attentive of when reviewing personal data consent and opt-in/opt-out management process?

AWhether customers are asked to renew their consent for their data processing at least quarterly.

BWhether private data is processed in accordance with the purpose for which the consent was obtained?

CWhether the organization has established explicit and entitywide policies on data transfer to third parties.

DWhether customers have an opportunity to opt-out the right to be forgotten from organizational records and systems.

Show Suggested Answer

Suggested Answer: C

by Jovita at Feb 08, 2024, 04:19 PM

Limited Time Offer

25%

Off

Contribute your Thoughts:

Submit Cancel

7 months ago

Yes, customers should have the option to opt-out and have their data removed if they desire. It's about respecting their privacy rights.

upvoted 0 times

...

7 months ago

And what about giving customers the right to opt-out or be forgotten from records? Should that be a focus?

upvoted 0 times

...

8 months ago

Absolutely, organizations should have clear policies on data transfer to ensure data privacy and security.

upvoted 0 times

...

8 months ago

What about the issue of data transfer to third parties? Should internal auditors also consider that?

upvoted 0 times

...

8 months ago

Yes, that's correct. It's important for organizations to respect the purpose for which data was collected.

upvoted 0 times

...

9 months ago

I think internal auditors should ensure that personal data is processed according to the purpose of consent.

upvoted 0 times

...