Sensitive data, such as addresses, can be disclosed if software fails to enforce privacy tags or metadata that indicate data sensitivity. The DAMA-DMBOK emphasizes that data security involves “protecting data from unauthorized access or disclosure through controls such as access policies, encryption, and metadata-driven privacy enforcement” (DMBOK2, Chapter 8: Data Security, p. 297). Privacy tags are metadata attributes that signal how data should be handled, and software ignoring these tags can lead to unauthorized exposure.
Options A, B, D, and E are less directly related. For example, inappropriate use of photocopier toner (A) is unrelated to data security in this context, and cloud-based databases (B) are a platform, not a direct cause of disclosure unless misconfigured. Ineffective data architecture (D) or stored procedures (E) may contribute indirectly but are not as specific as software ignoring privacy tags.
[Reference:DAMA-DMBOK2, Chapter 8: Data Security, Section 3.2, p. 297., ]
Submit