A privacy lead assessor assessing your company for DSCI’s privacy certification gets to know that your payroll process has been outsourced to a third party service provider. So, he/she is reviewing your contract with that service provider to ascertain which privacy related clauses are incorporated in the contract.
What could be the possible reasons for reviewing the contract?
A . Possible violation of ‘Collection Limitation’
B . Possible violation of ‘Use Limitation’
C . Risk of data subjects directly reaching to service provider
D . Data security controls in third party provider’s environment
Answer: A