You are working at a sports association whose members range in age from 8 to 30. The association collects a large amount of health data, such as sustained injuries. You are storing this data in BigQuery. Current legislation requires you to delete such information upon request of the subject. You want to design a solution that can accommodate such a request. What should you do?
To comply with legislation that requires deletion of health data upon request, the best approach is to use a unique identifier for each individual. This allows for precise identification and complete removal of any and all records related to that individual from BigQuery. This method is straightforward and ensures that the data is fully deleted, meeting the legislative requirement without unnecessary complexity.
According to me, the question states "The association collects a large amount of health data, such as sustained injuries." and the nuance on the word such => " Current legislation requires you to delete "SUCH" information upon request of the subject. " So from that point of view the question is not to delete the entire user records but specific data related to personal health data. With DLP you can use InfoTypes and InfoType detectors to specifically scan for those entries and how to act upon them (link https://cloud.google.com/dlp/docs/concepts-infotypes) I would say B.
as PhilipKoku mentioned below: A) is the correct answer. B) is only masking the data and then when a request is received, it identified the record but it doesn’t delete it. D) Is masking the ID.
B is not masking the data but identifying where it is to take action on at later date if required
I want to delete all the informations about the user, not only those individuate by DLP. ALL THE INFORMATIONS of the users...B is not correct! the correct is A
(A) - Primary task is "legislation requires you to delete" .. and B is not deleting. only A is deleting
Deletion is implied in "Upon a deletion request, query Data Catalog to find the column with personal information."
There is no need of DLP. All the data is sensitive but only upon user request it needs deletion. So A should be the correct answer.
IMHO a) is the correct answer because it is easier to operate. The question is not how to mask data and so on but just to delete data on request, so I don't think that we have to use for just the deletion of specific data DLP.
(A) - Primary task is "legislation requires you to delete" .. and B is not deleting. only A is deleting
A is correct. As for option B: While DLP is valuable for identifying sensitive data, it might not be sufficient for this specific case. DLP cannot necessarily determine an individual's right to deletion based solely on data classification. Additionally, relying on Data Catalog to store the results adds unnecessary complexity and potential inconsistencies.
We do not need to delete entire recrod of sports person but some health information collected by association. B would be correct answer.
Either A or B is the answer. A - will delete all the info about the subject, which is not the intension. Only the sensitive data to be deleted. Hence, B.
Ans. B assumes you will delete the Personal Information found in the Catalog... Some people are reading GDPR into this question (we are not told what country and what legislation). The question states you must delete all information (not just personal informarion) on request. Ans B is a red herring ! Answer must = A
B. The A removes all data, not SUCH only.
Should be A)
I vote for B. I had some doubts whether A was correct, but: - I'm not convinced by the argument "only A talks about deleting" (it would be too easy if it was about choosing an answer containing the word "delete" ;) - the question says "design a solution that can accommodate such a request" - I'm not very fluent in english, but "accommodate" imho means more "facilitate" than "accomplish" here - I think that the task is about deleting health data not everything related with unique identifier - Data Catalog allows you to manage data, knowing in which datasets and in which tables what data is stored. Answer "A" somehow imposes the data model - each table with data related to a given individual must contain the ID of this individual (in a real data model this does not have to be the case).
DLP its correct product to deal with personal data
The problem I see with A is that it doesn't offer you a way to find the original subject's information once they request for their information to be deleted (no mapping from the unique identifier back to their person). Only B offers the solution design for this ability. The deletion step may not be included in B, but the ability to delete is always present. You're designing the ability to accommodate the request, which is to look up the individual who is asking for their information to be deleted.
From one side A is an easy way, low effort, to implement this solution, but if we think like an architect and like an exam question, B is more complete and a better solution, since it can mask all the sensitive information, not only for the users that request it, but for all, which is a best practice.
B is correct.. Check in chatGPT also.
chatgpt select A The most appropriate solution for accommodating the deletion request of personal health data stored in BigQuery, as per current legislation, would be: A. Use a unique identifier for each individual. Upon a deletion request, delete all rows from BigQuery with this identifier. Here's why this approach is suitable: Unique Identifier: Assigning a unique identifier to each individual is a standard practice in managing and querying datasets. It helps in precisely identifying and isolating records associated with a specific individual. Direct Deletion of Rows: Upon receiving a deletion request, you can directly delete all rows associated with the individual's unique identifier. This approach ensures that the data is completely removed from your dataset, complying with the legislative requirement to delete personal information upon request.
Well, A would delete all rows with the identifier, I guess including the ones that are not confidential, also what does it mean unique identifier? each user is unique already. Ridiculous. B would identify the columns that contain personal data, but B is prone to errors as changes in legislation of what is consider injury would be excluded and all data would need to be re- ingested. Unfortunately B is closer and less damaging than A.
Data Loss Prevention must have!
It had better be A, if not then you're not a good organization