When personal information is transmitted across networks, there MUST be adequate controls
over:
A.
change management.
B.
privacy protection.
C.
consent to data transfer.
D.
encryption devices.
Explanation:
Privacy protection is necessary to ensure that the receiving party has the appropriate level of
protection of personal data. Change management primarily protects only the information, not the
privacy of the individuals. Consent is one of the protections that is frequently, but not always,
required. Encryption is a method of achieving the actual control, but controls over the devices may
not ensure adequate privacy protection and. therefore, is a partial answer.