Medium · 1 mark · Multiple Choice

CPA · Question 73 · Area III: SOC Engagements

Which of the following is a requirement of the 'Privacy' Trust Services Criterion?

Answer options:

A. Data is encrypted at rest.

B. Personal information is collected, used, retained, disclosed, and disposed of in conformity with the entity's privacy notice.

C. System processing is valid and accurate.

D. The system is protected against unauthorized access.

How to approach this question

Link Privacy to 'Notice' and 'Consent'.

Full Answer

B. Personal information is collected, used, retained, disclosed, and disposed of in conformity with the entity's privacy notice. ✓ Correct
The Privacy criterion is distinct from Confidentiality because it deals with personal data and the specific promises made to the data subject.

Common mistakes

Confusing Privacy with Confidentiality.
