Free DAMA CDMP Fundamentals Practice Questions: Data Ethics

Topic snapshot

Sample questions

These are original IT Mastery practice questions aligned to this topic area. They are not official exam questions, copied live-exam content, or exam dumps. Use them for self-assessment, scope review, and deciding what to drill next.

Question 1

Topic: Data Ethics

A retail bank wants to use transaction history to build customer segments for a new credit-card marketing campaign. Access controls and encryption are already in place, and the data team can pseudonymize customer IDs. Profiling could still identify customers in financial hardship and expose them to unsuitable offers. Marketing needs a decision within two weeks. What is the best professional action?

Options:

• A. Rely on encryption and access controls to manage the risk

• B. Approve the work because the data is pseudonymized

• C. Proceed if only aggregated campaign results are reported

• D. Run an ethical use review before approving the profiling

Best answer: D

Explanation: Ethical data use requires more than protecting data from unauthorized access. In this situation, the main risk is not only confidentiality; it is the potential harm caused by profiling vulnerable customers and using those profiles for marketing decisions. A suitable action is to pause approval long enough for an ethical use review or governance review that considers purpose limitation, fairness, customer impact, transparency, accountability, and possible constraints on use. The review can still respect the two-week business need by producing a decision, conditions, or escalation path rather than blocking indefinitely.

Pseudonymization, aggregation, encryption, and access control can reduce security or identification risk, but they do not decide whether the intended use is fair, appropriate, or harmful.

• Pseudonymization alone reduces direct identification risk but does not address whether profiling financially stressed customers is appropriate.
• Aggregated reporting may limit report exposure, but the campaign can still act on harmful customer-level segments.
• Security controls protect confidentiality and access, but they do not resolve fairness, purpose, or accountability concerns.

Question 2

Topic: Data Ethics

A retailer’s legal team confirms that its customer terms permit using support-chat transcripts for analytics. A product team now wants to use the transcripts to infer customer financial stress and target retention offers. Customer advocates are concerned that the use may feel unexpected and damage trust, even if it is permitted. What is the best next action?

Options:

• A. Perform an ethical data-use review before approval

• B. Ask IT to restrict database administrator access

• C. Proceed because customer terms allow analytics

• D. Store the transcripts in the enterprise data warehouse

Best answer: A

Explanation: Ethical data use goes beyond whether an organization has a legal basis or contractual permission to use data. A responsible review considers whether the proposed use is fair, transparent, proportionate, aligned with stakeholder expectations, and likely to preserve trust. In this case, inferring financial stress from support chats could create sensitive impacts even if analytics use is allowed by the terms. The organization should assess purpose, necessity, potential harm, consent expectations, safeguards, and accountability before approving the activity. Security and storage controls may still be needed, but they do not answer whether the use itself is ethically appropriate.

• Legal permission only fails because a permitted use can still be unexpected, unfair, or harmful to stakeholder trust.
• Access restriction is a useful security control, but it does not assess the ethical justification for the new purpose.
• Warehouse storage addresses technical placement, not whether the proposed inference and targeting are responsible.

Question 3

Topic: Data Ethics

A retailer plans to use purchase history and loyalty-app location data to create customer segments for targeted offers. Access controls, encryption, and retention settings already meet internal security standards. A steward raises concern that one segment could infer sensitive health conditions and lead to unfair treatment of customers. What is the best next action?

Options:

• A. Increase the data-quality profiling threshold

• B. Document the fields in the technical data dictionary

• C. Tighten database permissions for the analytics team

• D. Conduct an ethical impact review with accountable business stakeholders

Best answer: D

Explanation: Data ethics addresses whether data use is fair, transparent, accountable, and unlikely to cause inappropriate harm, even when security controls are working. In this scenario, the main concern is not unauthorized access, poor profiling accuracy, or missing metadata. The concern is that combining purchase and location data could infer sensitive information and create unfair outcomes. The best response is to pause for an ethical impact review involving accountable business stakeholders, data governance, privacy, and stewardship roles as appropriate. That review can assess purpose, proportionality, consent expectations, bias, potential harm, and mitigation. Technical controls may protect confidentiality, but they do not by themselves decide whether a use is acceptable.

• More permissions may reduce unauthorized access risk, but it does not address unfair inference or harmful targeting.
• Higher profiling thresholds can improve data-quality confidence, but accurate data can still be used unethically.
• More dictionary detail improves technical metadata, but documenting fields does not establish whether the analytics use is appropriate.

Question 4

Topic: Data Ethics

A retailer’s analytics team wants to use legally collected loyalty-card purchase history to infer sensitive life events and target customers with personalized offers. Consent language permits broad marketing use, but customer research shows many members would not expect this use. The data governance program is new, and executives want to preserve customer trust while still exploring business value. What is the best professional decision?

Options:

• A. Pause the use case for an ethics and stakeholder-impact review

• B. Remove customer names and treat the analysis as fully ethical

• C. Proceed because the consent language allows marketing use

• D. Limit access to the analytics team and launch the offers

Best answer: A

Explanation: Ethical data use requires more than legal permission. The proposed targeting uses legally collected data, but it infers sensitive life events in a way customers may not reasonably expect. A responsible decision should assess fairness, transparency, proportionality, potential harm, and stakeholder expectations before operational use. Because governance maturity is low and trust is an explicit concern, an ethics and stakeholder-impact review gives the organization a structured way to decide whether the use should proceed, be redesigned, require clearer notice, or be stopped. Access controls and de-identification may reduce some risks, but they do not by themselves answer whether the use is ethically justified.

• Legal permission only fails because broad consent does not address reasonable expectations, sensitivity, or trust.
• Access restriction only reduces exposure but does not evaluate whether the targeting purpose is appropriate.
• Removing names may lower identifiability, but sensitive inference and unexpected use can still create ethical risk.

Question 5

Topic: Data Ethics

A bank wants to combine loyalty-card purchases with third-party demographic segments to rank customers for targeted financing offers. The data will be encrypted and access will be limited, but the data steward is concerned the profiling could unfairly target or exclude vulnerable customers. What should the steward recommend before deployment?

Options:

• A. Conduct an ethical impact review with accountable stakeholders

• B. Document the source-to-target lineage in the catalog

• C. Retain the dataset until campaign outcomes are measured

• D. Encrypt the combined dataset and limit access permissions

Best answer: A

Explanation: Ethical data use looks beyond whether data is technically protected or legally accessible. When analytics or profiling may create unfair targeting, exclusion, discrimination, or other stakeholder harm, the appropriate action is to pause for an ethical review involving accountable business, governance, risk, and stewardship participants. That review should examine the purpose, proportionality, fairness, transparency, consent or expectations, data minimization, retention, and escalation paths. Encryption and access controls reduce unauthorized disclosure, but they do not determine whether the intended use is fair or acceptable. The key takeaway is that technical safeguards are necessary but not sufficient when the use itself may cause harm.

• Access control only protects confidentiality but does not assess whether profiling vulnerable customers is fair or appropriate.
• Lineage documentation improves traceability but does not resolve ethical concerns about the intended use.
• Extended retention may increase exposure and should follow a justified retention decision, not precede ethical review.

Question 6

Topic: Data Ethics

A bank deploys an automated process to prioritize customer complaints for specialist review. The process was trained on five years of complaint data, but older branch and phone complaints from rural areas were rarely captured. Rural customers are now escalated less often than comparable urban customers. Which ethical risk is most directly shown?

Options:

• A. Biased data causing unfair treatment

• B. Opaque processing without explainability

• C. Secondary use without consent

• D. Excessive collection beyond business need

Best answer: A

Explanation: The central ethical risk is bias in the data used to drive automated decisions. The process may be technically functioning as designed, but the historical data does not adequately represent rural complaint patterns because some channels were not captured. That imbalance can cause unfair outcomes for a group of customers, especially when the result affects access to specialist review. Ethical data use requires attention to representativeness, fairness, and accountability, not only operational efficiency. Lack of explainability could also be a concern in automated processing, but the visible harm here comes from biased input data producing unequal treatment.

• Opaque processing would focus on inability to understand or explain the decision logic, which is not the main fact provided.
• Excessive collection would involve gathering more data than needed, but the scenario shows missing data rather than overcollection.
• Secondary use would involve using data for a new purpose beyond the original context, which is not indicated here.

Question 7

Topic: Data Ethics

A retail analytics team wants to combine loyalty purchases, mobile app behavior, and support-ticket text to predict customers likely to churn. The model would be used for targeted retention offers within 4 weeks. Some ticket text may contain health or financial hardship details, and the current customer notice describes use for service improvement, not personalized marketing. What is the best professional decision?

Options:

• A. Remove customer names and use all available fields

• B. Limit access to the model output after deployment

• C. Proceed because the data is already held internally

• D. Require governance review before a minimized, communicated pilot

Best answer: D

Explanation: Ethical data use depends on more than legal possession or technical access. Here, the intended purpose shifts from service improvement to personalized marketing, and the support-ticket text may contain sensitive details that customers did not expect to be used for churn targeting. A responsible approach is to involve governance or ethics review before launch, assess purpose compatibility and customer expectations, minimize the data used (especially free text), and ensure customers receive appropriate communication or consent where required. Time pressure does not remove accountability for fair, transparent, and proportionate use. Access controls help, but they do not address whether the use itself is appropriate.

• Internal availability fails because holding data does not automatically justify a new, more intrusive purpose.
• Name removal only fails because sensitive meaning can remain in text and behavioral patterns even without direct identifiers.
• Post-deployment controls fail because restricting outputs does not resolve purpose, transparency, or minimization concerns before use.

Question 8

Topic: Data Ethics

A bank wants to use transaction data to identify customers who may be entering financial hardship and offer support products. The use is permitted by broad customer terms, but the analysis may infer sensitive circumstances and affect vulnerable customers. Which response best balances legitimate business use with ethical accountability?

Options:

• A. Require an ethical-use review with transparency, minimization, safeguards, and accountability.

• B. Limit access to the model and treat it as a security issue.

• C. Proceed because the customer terms permit the analysis.

• D. Prohibit all hardship analytics because sensitive inferences are possible.

Best answer: A

Explanation: Ethical data use goes beyond whether a use is technically possible or legally permitted. The bank has a legitimate purpose, but the activity may infer sensitive facts about vulnerable people. A balanced response should assess proportionality, use only data needed for the purpose, provide meaningful transparency or choice where appropriate, apply safeguards, and assign accountability for outcomes. This allows beneficial use while reducing the risk of unfair, intrusive, or opaque treatment.

Security controls and legal permission are important, but they do not by themselves resolve ethical concerns about stakeholder rights and the consequences of data use.

• Legal permission alone is too narrow because broad terms do not ensure fairness, transparency, or proportionality.
• Security-only treatment misses ethical issues such as sensitive inference, customer impact, and accountable decision making.
• Total prohibition may be disproportionate when the purpose can be managed with review, controls, and transparency.

Question 9

Topic: Data Ethics

A retailer wants to use customer service chat transcripts and order history to train a churn-prediction model before the next quarterly campaign. The current privacy notice says chat data is used to resolve support issues and improve service quality. Some transcripts may contain sensitive personal details. The organization requires an accountable owner for any new secondary use of customer data. Which action is the best professional decision?

Options:

• A. Proceed only after ethical review, notice alignment, minimization, and accountable approval.

• B. Proceed after removing names, using the existing service-quality notice.

• C. Transfer transcripts to a restricted sandbox and let marketing validate value.

• D. Use the full history now because churn reduction is a legitimate purpose.

Best answer: A

Explanation: Ethical data use requires more than a useful business purpose. The proposed churn model is a secondary use of support transcripts, and the existing notice may not clearly cover that purpose. Because transcripts may include sensitive details, proportionality matters: use only the data needed, redact or exclude sensitive content where possible, and confirm transparency expectations before training. Accountability also matters because the organization requires an owner for new secondary uses. An ethical or privacy impact review is the practical mechanism to document purpose, stakeholder impacts, safeguards, approval, and monitoring before use. Speed and restricted access help, but they do not replace transparency, minimization, and accountable governance.

• Business value alone fails because a legitimate commercial purpose does not override transparency and stakeholder-rights concerns.
• Removing names only is too narrow because sensitive details can remain and the notice may not cover the new purpose.
• Restricted sandbox access reduces security exposure but does not address purpose limitation, proportionality, or accountable approval.

Question 10

Topic: Data Ethics

A retailer collected customer service chat transcripts to resolve support issues. The marketing team now wants to mine the transcripts for mentions of illness, unemployment, or financial stress and combine the results with purchase history to target promotions. The activity is technically feasible and access can be restricted. What is the most appropriate next step from an ethical data-use perspective?

Options:

• A. Proceed after confirming the transcripts are complete

• B. Submit the use for governance review and minimize sensitive inputs

• C. Ask IT to approve the data extraction method

• D. Proceed if role-based access controls are enforced

Best answer: B

Explanation: Ethical data use goes beyond technical feasibility and access control. The proposed activity repurposes support data for marketing and creates sensitive inferences about health, employment, and financial vulnerability. That combination raises concerns about fairness, transparency, purpose limitation, and potential harm. A governance or ethics review should assess whether the use is appropriate, what communication or consent is needed, and how to minimize or exclude sensitive data. Access controls and data quality checks may be necessary later, but they do not answer whether the use should occur or under what accountable conditions.

The key distinction is between controlling access to data and governing whether the use of data is ethically justified.

• Access control only reduces unauthorized access but does not address sensitive inference, purpose change, or fairness concerns.
• Completeness check supports data quality but does not determine whether targeting vulnerable customers is appropriate.
• IT approval addresses technical execution, not accountability for ethical data use or business purpose.

Continue in the web app

Use IT Mastery for interactive DAMA CDMP Data Management Fundamentals practice with mixed sets, timed mocks, topic drills, explanations, and progress tracking.

Try DAMA CDMP Data Management Fundamentals on Web

Related focused pages

• Free DAMA CDMP Data Management Fundamentals Full-Length Practice Exam
• Data Management Process
• Big Data
• Data Architecture
• Document and Content Management
• Data Governance
• Data Integration and Interoperability
• Master and Reference Data Management
• Data Modelling and Design
• Data Quality
• Data Security
• Data Storage and Operations
• Data Warehousing and Business Intelligence
• Metadata Management