Which of the following should be the MOST important criteria when defining data retention policies?

A. Capacity requirements
B. Audit findings
C. Regulatory requirements
D. Industry best practices