Privacy Officer Interview Questions

Your company encrypts all customer data and has passed a SOC 2 security audit. A customer asks: "Is my data private?" Marketing wants to say yes. Legal is hesitant. Why might legal be right to hesitate, and what would you need to verify before answering?

Your company launched a new feature without privacy review. Now, three months later, you discover it collects more data than necessary and stores it indefinitely. The engineering lead says: "We'll add privacy controls in the next release. We can't delay the roadmap to fix this now." How do you explain why this approach is problematic, and what do you advocate for?

Your product team is designing a new feature that tracks user engagement metrics. They want to collect clickstream data, session recordings, and form interactions to optimize the user experience. They ask: "We need all this data for product decisions - how do we minimize while still getting insights?" Walk through how you would apply data minimization to this use case.