InterviewStack.io LogoInterviewStack.io
🛡️

Security Governance, Risk & Privacy Topics

Governance, compliance frameworks, regulatory requirements, compliance implementation, and compliance-driven risk management. Covers compliance frameworks (SOX, GDPR, HIPAA, FCPA, etc.), regulatory interpretation, compliance control design, audit and control effectiveness evaluation, and compliance process management. For operational security implementation and technical threat mitigation, see Security Engineering & Operations.

Privacy and Security Alignment

The relationship between privacy and security: how they overlap and differ, and how access control, least privilege, encryption, and other security controls serve privacy goals. Covers aligning privacy and security programs and reasoning about safeguards that protect personal data at scale. Includes distinguishing a privacy failure from a security failure.

0 questions

Data Subject Rights and Request Handling

Operationalizing individual rights: access, rectification, erasure, portability, restriction, and objection requests. Covers identity verification, response timelines, locating data across systems to fulfill a request, and handling edge cases and exemptions. Includes designing systems that can execute deletion and export reliably at scale.

0 questions

Privacy by Design and Default

Embedding privacy into architecture and the development lifecycle: the privacy-by-design principles, privacy-protective defaults, and on-device or edge processing to minimize data exposure. Covers integrating privacy controls into product and program design and into engineering workflows rather than bolting them on. Includes designing privacy-first solutions and reference architectures.

0 questions

Data Classification and Sensitivity Handling

Classifying data by sensitivity and applying controls proportionate to that classification: identifying personal, sensitive, and special-category data and tagging it through its lifecycle. Covers classification schemes, labeling, and how classification drives access, encryption, and retention decisions. Includes assessing the impact of a given data type on privacy and security risk.

0 questions

Consent, Lawful Basis, and Transparency Notices

Establishing the legal grounds for processing and communicating them to users: choosing and documenting a lawful basis, obtaining and recording valid consent, and implementing opt-in, opt-out, and preference flows. Covers consent granularity, withdrawal and re-consent, propagation of consent state through downstream systems, and the disclosure layer of privacy policies and notices, layered and just-in-time transparency, cookie and tracking-technology consent, and honoring signals like Global Privacy Control. Includes writing notice content that is both compliant and comprehensible.

0 questions

Data Inventory, Mapping and Records of Processing

Knowing what personal data exists and how it flows: data mapping, personal-data inventories, and records of processing activities (RoPA). Covers building and maintaining data flow diagrams, cataloging processing purposes and recipients, and keeping documentation current. Includes the processing concepts and recordkeeping that underpin most other compliance work.

0 questions

Data Minimization and Retention

Collecting and keeping only what is necessary: data minimization at collection, purpose limitation, and retention scheduling with automated deletion. Covers defining retention periods, enforcing them technically, and defensibly disposing of data. Includes balancing operational or analytics needs against minimization obligations.

0 questions

Privacy-Enhancing Technologies and Anonymization

Technical safeguards that reduce identifiability: anonymization, pseudonymization, tokenization, differential privacy, and related privacy-enhancing technologies. Covers the difference between anonymized and pseudonymized data, re-identification risk, and when each technique is appropriate. Includes evaluating the privacy-utility tradeoff of a given technical control.

0 questions

Global Privacy Regulations and Data Protection Frameworks

The landscape of privacy and data protection law and how core frameworks fit together: controllers vs processors, personal vs sensitive data, lawful processing, and cross-framework concepts. Covers foundational privacy terminology and how to reason about which regimes apply to a given data flow. Serves as the orientation layer beneath the regulation-specific topics.

0 questions
Page 1/2