An organization has granted a vendor access to its data in order to analyze customer behavior. Which of the following would be the MOST effective control to mitigate the risk of customer data leakage?

A. Restrict access to customer data on a “need to know” basis
B. Enforce criminal background checks
C. Mask customer data fields
D. Require vendor to sign a confidentiality agreement