Exam CAS-004 topic 1 question 333 discussion

B. Data sovereignty When considering sending backups containing customer Personally Identifiable Information (PII) to a cloud service provider, data sovereignty is the most important consideration. Data sovereignty refers to the legal and regulatory requirements that dictate where data must be stored and processed. It is crucial to ensure compliance with data protection and privacy laws, especially when dealing with sensitive information like PII.

o Data sovereignty refers to the principle that data is subject to the laws and regulations of the country where it is collected and processed. This is particularly crucial when dealing with sensitive personal information (PII) like customer data. Different countries have varying data protection laws and regulations regarding how PII can be stored, accessed, and used. By choosing a cloud service provider located in a country with strict data privacy laws, the company can ensure that customer data is handled securely and in compliance with local regulations. o Vendor lock-in: Vendor lock-in refers to the situation where a company becomes dependent on a specific vendor's technology or services and finds it difficult or costly to switch to another provider. This is a valid concern when choosing a cloud service provider, but it is not as critical as data sovereignty, especially when considering the sensitive nature of customer PII.

I'm voting B. I think it sort of encompass C and more. Requiring you to consider the laws and regulations of the Country from which the data was obtained.

Data sovereignty pertains to the concept that digital data is subject to the laws of the country in which it is stored. When sending customer PII to a cloud service provider, especially if that provider's storage facilities are located in different jurisdictions or countries, the data might become subject to different privacy regulations, access laws, or even potential surveillance mechanisms.

I guess, it's not B. Should be C