SCENARIO I - VI - C

Question 1

AlphaTech, a renowned technology company in São Paulo, Brazil, has always stood out in the market for its
innovative operational risk-monitoring system. Under the leadership of Joana Silva, the director of operations,
the AlphaTech team successfully integrated various data analysis tools to predict and mitigate risks in real time,
solidifying the company as a leader in operational security. Although the company implemented risk
monitoring, there was never integration among teams and departments to create a single view of risk for the
business.
Recently, the board of AlphaTech, including CTO Pedro Andrade and Data Protection Specialist Ana Costa,
decided it was time to take a step further. They wanted to incorporate artificial intelligence into the company’s
operations to further improve efficiency and process predictability. Their idea was that AI could analyze large
volumes of data in real time, identify hidden patterns and anticipate problems before they occur. However, Ana
raised a crucial concern: the need to ensure the interoperability of risks, especially privacy risks, between the
existing systems and the new AI technology.
During the planning meetings, Joana and her team discussed how to ensure the AI integration did not
compromise the privacy of the data handled. Pedro suggested the implementation of machine learning
protocols that respect data minimization and transparency principles, while Ana emphasized the importance of
compliance with the Brazilian General Data Protection Law. The team agreed that it was fundamental to
establish an efficient communication channel between the existing risk monitoring systems and the new AI
technology to ensure joint risk management.
After several brainstorming sessions and consultations with digital law and AI experts, AlphaTech reached a
consensus on an integrated approach. It decided to develop a framework that allows smooth communication
between the systems, ensuring the AI risk analyses are informed and complemented by the existing data while
respecting user privacy.

Question 2

8. With this solution in sight, what initial step should AlphaTech take to ensure the interoperability of AI risk
   management with privacy risk management in its operations?
   A. Conduct regular simulations and tests.
   B. Implement continuous audit protocols.
   C. Create a specialized multidisciplinary team.
   D. Develop ethical and transparent AI algorithms.

Answer 2

8. The correct answer is C. While each of the steps listed is important at various stages of development and
   implementation, the first step should be to create a team that understands the complexities and needs of
   both privacy risk management and AI risk management. The reason for prioritizing the creation of a
   specialized multidisciplinary team is twofold:
   a. Integration of diversified knowledge: A multidisciplinary team brings together specialists in different
   areas, such as AI, data protection and digital law. This diversity of knowledge is essential to fully
   understand both the technical aspects of AI and the legal and ethical implications related to data
   privacy; and
   b. Foundation for implementing: With a specialized team in place, the company will have the necessary
   resources to plan and execute other strategies more effectively. For example, the team can oversee the
   implementation of continuous audit protocols, guide the development of ethical and transparent AI
   algorithms, and plan regular simulations and tests.
   Body of Knowledge Domain VI, Competency C

Question 3

9. Which of the following strategies would be most effective for AlphaTech to ensure privacy compliance
   when integrating AI into its operations?
   A. Delegate all the AI decisions to an automated algorithm.
   B. Implement a privacy training program for all employees.
   C. Focus on the technological development of AI without considering legal aspects.
   D. Reduce data collection to a minimum, regardless of the impact on AI effectiveness.

Answer 3

9. The correct answer is B. Implementing a privacy training program for all employees will help ensure
   everyone in the company is aware of the responsibilities and practices necessary to maintain compliance
   with the data protection law.
   Body of Knowledge Domain VI, Competency C

Question 4

10. What is the best practice for AlphaTech to effectively integrate AI into operational risk monitoring without
    compromising data privacy?
    A. Allow full access to the AI system for all employees.
    B. Focus only on operational risks, ignoring privacy risks.
    C. Apply data minimization and transparency principles in AI.
    D. Delete all personal data from the system to avoid privacy risks.

Answer 4

10. The correct answer is C. Applying data minimization and transparency principles in AI implementation
    ensures that only necessary data is used and processes are transparent, balancing operational efficiency
    with privacy protection.
    Body of Knowledge Domain VI, Competency C

Question 5

11. What approach should AlphaTech adopt to ensure the integration of AI into its operations aligns with best
    cybersecurity practices?
    A. Delegate cybersecurity exclusively to the IT team.
    B. Reduce focus on cybersecurity to increase AI efficiency.
    C. Rely entirely on traditional firewalls and antivirus software.
    D. Integrate cybersecurity into the design and development of AI

Answer 5

11. The correct answer is D. Integrating cybersecurity into the design and development of AI from the beginning
    ensures security concerns are proactively addressed rather than being an afterthought. This is essential to
    protect both the company’s infrastructure and the data it processes.
    Body of Knowledge Domain VI, Competency C