Which step in the information life cycle is not a risk mitigation strategy?
A) Destroy or de-identify personal information that is no longer needed
B) Collect and hold personal information needed for service and tasks
C) Put into place strategies to protect personal information held
D) Embed privacy protections into personal information handling practices

Question

Quizplus · Accepted Answer

Collecting and holding personal information is not a risk mitigation strategy, but rather a necessary step in the information life cycle. The other options (destroying or de-identifying information, implementing strategies to protect information, and embedding privacy protections) all involve reducing the risk of unauthorized disclosure or misuse of personal information.

Which Step in the Information Life Cycle Is Not a Risk