An IS audit of an organization’s data classification policies finds some areas of the policies may not be up-to-date with new data privacy regulations. What should management do FIRST to address the risk of noncompliance?
A. Conduct a privacy impact assessment to identify gaps
B. Reclassify information based on revised information classification labels
C. Mandate training on the new privacy regulations
D. Perform a data discovery exercise to identify all personal data
A. Conduct a privacy impact assessment to identify gaps
B. Reclassify information based on revised information classification labels
C. Mandate training on the new privacy regulations
D. Perform a data discovery exercise to identify all personal data