A data analyst is following up on a recent, company-wide data audit of customer invoice data. Which of the following is the best option for the analyst to use?
This question falls under the Data Governance domain of CompTIA Data+ DA0-002, which includes understanding compliance frameworks for data audits, especially for customer data. The scenario involves a data audit of customer invoice data, which likely contains personal information, making privacy regulations relevant.
PCI DSS (Option A): PCI DSS (Payment Card Industry Data Security Standard) applies specifically to payment card data, not general customer invoice data unless credit card details are involved, which isn’t specified.
GDPR (Option B): GDPR (General Data Protection Regulation) is a comprehensive privacy regulation for handling personal data of EU citizens, including customer invoice data, which may contain PII like names and addresses. It’s the most relevant for a company-wide data audit.
ISO (Option C): ISO standards (e.g., ISO 27001) relate to information security management but are not specific to customer data privacy audits.
PII (Option D): PII (Personally Identifiable Information) is a concept, not a framework or tool for conducting an audit.
The DA0-002 Data Governance domain emphasizes "identifying PII and data privacy concepts," and GDPR is the most appropriate framework for auditing customer data to ensure compliance with privacy laws.