# Privacy Principles and Regulations

Backlink: [[Domain 1 - Index]]

**Definition:** Foundational principles (e.g., purpose limitation, data minimization) and regulatory regimes governing personal data processing.

## Key Facts

- Principles: lawfulness, fairness, transparency; purpose limitation; minimization; accuracy; storage limitation; integrity/confidentiality; accountability.
- Roles: controller vs. processor; data subject rights (access, erase, rectify).
- Obligations: DPIAs, breach notifications, records of processing.
- Apply security by design/default; pseudonymization/anonymization.
- Map to classification, retention, and vendor contracts (DPAs).
- **Verify:** check the official (ISC)² CBK and the current exam outline.

>[!tip] **Exam Relevance**
> - Identify controller/processor duties
> - Choose controls supporting principles

>[!note] **Mnemonic**
> - "Minimize, Make Clear, Make Safe."

### Example

Q: A vendor processes customer PII; your org decides the purposes. What are the roles?

A: You are the controller; the vendor is the processor.

## Revision Checklist

- [ ] List 5 privacy principles
- [ ] Define controller vs. processor
- [ ] Name two data subject rights
- [ ] Tie privacy to the SDLC and vendor DPAs

## Related

[[Data Owners, Controllers, and Processors]] · [[Data Retention and Destruction]] · [[E-Discovery (EDRM)]] · [[Service Level Agreements and Contracts]] · [[Third-Party and Supplier Risk Management]]

#cisSP #domain-1 #concept