An information security manager at a global organization has to ensure that the local information security program will initially ensure compliance with the:
A. B. C. D.
Answer: B.
As a subsidiary, the local entity will have to comply with the local law for data collected in the country.
Senior management will be accountable for this legal compliance.
The policy, being internal, cannot supersede the local law.
Additionally, because local regulations differ from those of the country in which the organization is headquartered, it is improbable that a group-wide policy will address all the local legal requirements.
In the case of data collected locally (and potentially transferred to a country with a different data privacy regulation), the local law applies, not the law applicable to the head office.
The data privacy laws are country-specific.
As an information security manager, it is essential to ensure that the local information security program adheres to the relevant data privacy policies. The choice of the appropriate data privacy policy will depend on various factors, including the location of the data and the applicable laws and regulations.
Option A states that the local information security program should ensure compliance with the corporate data privacy policy. This option assumes that the organization has a central data privacy policy that applies to all its operations worldwide. In this case, the information security manager must ensure that the local program complies with the corporate policy.
Option B states that the local information security program should ensure compliance with the data privacy policy where the data are collected. This option assumes that data privacy policies vary depending on the location of the data. For instance, the European Union has stringent data privacy laws under the General Data Protection Regulation (GDPR), which apply to data collected within the EU. In this case, the information security manager must ensure that the local program adheres to the applicable data privacy policy.
Option C states that the local information security program should ensure compliance with the data privacy policy of the headquarters' country. This option assumes that the organization's headquarters have a data privacy policy that applies globally. In this case, the information security manager must ensure that the local program complies with the headquarters' data privacy policy.
Option D states that the local information security program should ensure compliance with the data privacy directive applicable globally. This option assumes that there is a global data privacy directive that applies to all organizations worldwide. The information security manager must ensure that the local program adheres to the global data privacy directive.
Therefore, the most appropriate data privacy policy for the local information security program will depend on various factors, including the location of the data, the applicable laws and regulations, and the organization's data privacy policies.