Which of the following is least relevant to establishing a culture of data privacy at a company?
Which of the following is least relevant to establishing a culture of data privacy at a company?
Adherence to ISO 27001 is least relevant to establishing a culture of data privacy at a company. ISO 27001 is primarily focused on information security management systems (ISMS) and ensuring the confidentiality, integrity, and availability of information. While information security is related to data privacy, it doesn't directly address the cultural and behavioral aspects of privacy. Establishing a culture of data privacy involves creating awareness, providing training, and integrating privacy considerations into the design and operations of the company, which are more directly addressed by the other options.
The answer should be "A". Why?? https://iapp.org/news/a/how-to-build-a-culture-of-privacy/ "The result is that compliance-focused privacy programs often struggle to engage with stakeholders across the business who may have strategic goals that appear in conflict with protecting personal data. "
Privacy is ISO27701, not ISO27000. Hence B.
A ISO 27001 é uma norma internacional que estabelece os requisitos para um Sistema de Gestão de Segurança da Informação (ISMS). Enquanto a segurança da informação é um componente crucial para a proteção da privacidade de dados, aderir à ISO 27001 não necessariamente estabelece uma cultura de privacidade de dados por si só.
I suggest B, ISO27001 is more for data protection than data privacy
Should be B
A - because monitoring is different from establishing. The monitoring will come later