A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?
A company's marketing department collects, modifies, and stores sensitive customer data. The infrastructure team is responsible for securing the data while in transit and at rest. Which of the following data roles describes the customer?
A data subject is any individual whose personal data is being collected, held, or processed. In this scenario, the customer is the individual whose sensitive data is being collected, modified, and stored by the company's marketing department. This makes the customer the data subject, as the data pertains directly to them. The other roles do not accurately describe the relationship of the customer to their data: 'Processor' refers to entities handling data on behalf of a controller, 'Custodian' refers to entities managing the data infrastructure, and 'Owner' refers to the entity responsible for the data's governance.
From Professor Messer study notes: Data subject • Any information relating to an identified or identifiable natural person – An individual with personal data • This includes everyone – Name, ID number, address information, genetic makeup, physical characteristics, location data, etc. – You are the data subject • Laws and regulations – Privacy is ideally defined from the perspective of the data subject Data owner – Accountable for specific data, often a senior officer – VP of Sales owns the customer relationship data – Treasurer owns the financial information I'm also going with C.
C. Subject In this scenario, the customer is the subject of the sensitive data being collected, modified, and stored by the marketing department. The customer's data is being processed and managed by the marketing department, but the customer themselves is the subject of that data. They are the individuals to whom the data pertains.
C. Subject In the context of data roles, the customer whose sensitive data is being collected, modified, and stored is referred to as the "Subject." The data subject is the individual to whom the data pertains. Therefore, the correct answer is: C. Subject
The Marketing Department Head or other senior-level manager is likely something like the Data Protection Officer or Owner, responsible for the data. The Infrastructure Team are likely the Custodians. The data is likely being collected and processed by lower-level employees and/or automated processes. These would be the Data Processors. That leaves the customer whose data is being collected. They aren't the owners of their own data (like others have stated), but they are the data subject. So C is the most accurate answer.
although not covered in study material ive looked at, the customer is definately not the processor or the controller. owners are usually senior management so thats out. going with subject.
It is for Professor Messer's SY0-701 notes.
C. Subject
Answer is c. Technically the customer does own their own data, however in the Cybersecurity context the Owner is someone within the organization. According to ISO/IEC 27001, the data owner is responsible for ensuring the confidentiality, integrity, and availability of information assets.
Owner is the right answer
Why wouldn't the customer be the data owner? I don't remember Data Subject being apart of the 701 Course
5.4 Summarize elements of effective security compliance.