Reference no: EM133397579
Question
A US-based company serving primarily US-based customers and students. Assume the Privacy SME, while reviewing assessment responses administered to build your data map, you discover the following:
- The HR team is collecting name, contact information, date of birth, social security number, citizenship status, and resume for job applicants. The HR team is also conducting a demographic survey and collecting race, gender, age, veteran status, religious affiliation, marital status, parental status, sexual orientation, address, and household income. The survey is optional for job applicants but required for employees.
- The online product collects the following from students when they sign up for an account and profile to use Guild's services: name, email address, the highest level of education, gender, race, age, programs of interest, and motivation to seek reskilling or upskilling opportunities.
Conduct a privacy Risk assessment evaluating these activities including an explanation of how you would approach this situation, as well as any questions you would ask to inform your analysis.