CISA Certified Information Systems Auditor – Question0422

What is the BEST way for an IS auditor to address the risk associated with over-retention of personal data after identifying a large number of customer records retained beyond the retention period defined by law?

A. Recommend automating deletion of records beyond the retention period.
B. Schedule regular internal audits to identify records for deletion.
C. Report the retention period noncompliance to the regulatory authority.
D. Escalate the over-retention issue to the data privacy officer for follow-up.

Correct Answer: A