Which requirement is specified by DM-1 Data Minimization privacy control?


Multiple Choice


Explanation:
Data minimization means collecting only what is necessary and ensuring that collection serves a purpose that is authorized by law or regulation. The requirement described—taking steps to ensure the collection of PII is consistent with a purpose authorized by law or regulation—directly enforces that idea by tying data collection to a legitimate, permitted purpose and avoiding unnecessary data. This approach reduces the amount of data stored and processed, lowering risk and simplifying compliance. The other options point to separate privacy controls: ensuring accuracy pertains to data quality, disseminating reports to oversight bodies relates to governance and transparency, and having a privacy incident response plan concerns how to handle privacy breaches.

