Exam CS0-002 topic 1 question 354 discussion

Out of the options provided, implementing a data loss prevention (DLP) solution is the most effective way to address data privacy and protection gaps. A DLP solution is designed to monitor, detect, and prevent unauthorized data transfers or leaks, helping organizations protect sensitive information from being inadvertently or maliciously disclosed. It allows you to define policies, monitor data flows, and take actions to prevent data breaches.

Question is about users not employees. You could not ask users to sign NDA. If would be employees I would go for NDA. On this specific case I go with B, Data Minimisation for the users data. The principle of “data minimisation” means that a data controller should limit the collection of personal information to what is directly relevant and necessary to accomplish a specified purpose. They should also retain the data only for as long as is necessary to fulfil that purpose.

Answer B

this was on question on EXAM

A data minimization plan is a strategy that aims to reduce the amount and type of data that an organization collects, stores, and processes. It can help improve data privacy and protection by limiting the exposure and impact of a data breach or loss. Creating a data minimization plan is the best recommendation for a security officer who needs to find the most cost-effective solution to the current data privacy and protection gap. Requiring users to sign NDAs, adding access control requirements, or implementing a data loss prevention solution are other possible solutions, but they are not as cost-effective as creating a data minimization plan.