CISA Certified Information Systems Auditor – Question0030

An IS auditor reviewing an organization’s data privacy controls observes that privacy notices do not clearly state how the organization uses customer data for its processing operations. Which of the following data protection principles MUST be implemented to address this gap?

A.
Maintenance of data integrity
B. Access to collected data
C. Retention of consent documentation
D. Purpose for data collection

Correct Answer: B