A start-up organization wants to develop a data loss prevention program (DLP). The FIRST step should be to implement:

A. data encryption.
B. access controls.
C. data classification.
D. security awareness training.