Free Authentic IAPP AIGP Actual Exam Questions - Question 8 Discussion
A company is considering the procurement of an AI system designed to enhance the security of IT infrastructure. The AI system analyzes how users type on their laptops, including typing speed, rhythm and pressure, to create a unique user profile. This data is then used to authenticate users and ensure that only authorized personnel can access sensitive resources.

When prioritizing the updates to its policies, rules and procedures to include the new AI system for user authentication, the organization should:
C imo, because ensuring lawful processing covers the core privacy concern here.
Not B, because while security controls are important, the main focus should be on ensuring the biometric data is processed lawfully and specifically, which makes C the better choice here.
This definitely feels like it’s about compliance with data protection laws since the AI collects biometric info, which is sensitive personal data. So making sure data is only processed for lawful and specific purposes (C) should be the priority before anything else. If you don’t have clear legal grounds, no matter how strong your security controls are, you risk breaking privacy laws.
B. Since the AI system deals with sensitive biometric data, updating security controls to protect this data seems critical to prevent unauthorized access or breaches, which directly impacts IT security.
The focus here seems to be on handling biometric data, which is definitely personal data under most privacy laws. That points to option C as a priority — making sure data processing has a specific, lawful purpose is crucial to avoid compliance issues. Plus, updating third-party data sharing policies (A) might be important but feels like a secondary step after ensuring lawful processing. Options B and D don’t really target the core privacy challenge this system introduces. So, the main concern should be about legal use of biometric-like data rather than just tightening security controls or simp
Is the question asking about legal compliance specifically, or more about technical security controls? Also, does the AI system store biometric data separately, or is it treated as personal data in this context? That might affect which option fits best.