An organization plans to allow third parties to collect customer personal data from a retail loyalty platform via an application programming interface (API). Which of the following should be the PRIMARY consideration when designing this API?

A. Data governance policies
B. System resilience
C. Regulatory compliance
D. Data availability