CIPM Exam - Question 187

C. Potential uses of personal information in the future. A data collection notice typically doesn't speculate or include potential uses of personal information in the future that aren't already identified and described at the time of data collection. Such notices are meant to inform individuals about how their data will be used, stored, and shared at the point of collection, and any future uses would need to be compatible with these stated purposes, or else new consent might be required. In some jurisdictions, data protection laws might not explicitly require organizations to notify individuals about the metadata that will be generated from the collected information. Metadata can be seen as less direct or "visible" to the data subject, and while it's often important to manage and protect this appropriately, it might not always be a mandatory element to include in a data collection notice.

D should be correct, A, B and C are referring to how a company stores, shares and collects a data which should be in a collection notice

yes D answerv is correct

C. This was similar to if not the same question from earlier. You need to provide specific use not potential.

How the data is processed securely — this is NOT typically included in a collection notice. Security measures (like encryption, access controls, etc.) are important, but they are usually detailed in internal policies or maybe general privacy policies — not in a notice specifically about data collection.