IIA Exam IIA-CIA-Part3-3P Topic 10 Question 61 Discussion

Actual exam question for IIA's IIA-CIA-Part3-3P exam

Question #: 61
Topic #: 10

Which of the following should internal auditors be attentive of when reviewing personal data consent and opt-in/opt-out management process?

AWhether customers are asked to renew their consent for their data processing at least quarterly.

BWhether private data is processed in accordance with the purpose for which the consent was obtained.

CWhether the organization has established explicit and entitywide policies on data transfer to third parties.

DWhether customers have an opportunity to opt-out the right to be forgotten from organizational records and systems.

Show Suggested Answer

Suggested Answer: B

by Elza at Jan 15, 2025, 12:03 PM

Limited Time Offer

25%

Off

Contribute your Thoughts:

Submit Cancel

3 days ago

I agree, B) and D) cover the key aspects. Quarterly consent renewal seems a bit excessive though.

upvoted 0 times

...

10 days ago

D) is also important. Customers should have the ability to opt-out of data retention if they wish.

upvoted 0 times

...

12 days ago

B) seems like the most comprehensive option here. Ensuring data is processed per the consent obtained is crucial.

upvoted 0 times

...

29 days ago

I believe option D is also important, giving customers the right to be forgotten.

upvoted 0 times

...

1 months ago

I agree with Bulah, processing data in accordance with the purpose is crucial.

upvoted 0 times

...

1 months ago

I think internal auditors should be attentive to option B.

upvoted 0 times

...