A financial services firm is operationalizing an AI-driven fraud detection system. The project manager needs to ensure the tool complies with relevant data privacy laws while providing secure data access to only authorized personnel.
What is an effective technique to address these requirements?
Correct Answer: B
In an AI-driven fraud detection context, PMI-CP/CPMAI guidance on data governance stresses that compliance with privacy laws and the principle of "least privilege" must be enforced with technical access controls as well as policies. While a data classification policy and privacy impact assessments are important, they mainly describe and analyze risks; they do not by themselves prevent unauthorized access.
An effective technique that directly addresses "secure data access to only authorized personnel" is role-based access control (RBAC). RBAC ties access rights to defined roles (e.g., fraud analyst, data scientist, auditor), ensuring that users see only the data necessary for their job and nothing more. This supports compliance with privacy regulations that require data minimization, access limitation, and accountability. It also provides an auditable structure for who can access what, which is critical during regulatory reviews or incidents.
Within AI projects, RBAC should be applied across data stores, model monitoring dashboards, and operational interfaces so that sensitive transaction and identity data are protected end to end. Therefore, among the options presented, utilizing role-based access control (RBAC) to limit data access is the most direct and effective technique to satisfy both legal compliance and secure, authorized-only access.