Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years. This global retail company is expected to accept credit card payments.
Which of the following is of MOST concern when defining a security program for this organization?
A . Adherence to local data breach notification laws
B . Compliance to Payment Card Industry (PCI) data security standards
C . Compliance with local government privacy laws
D . International encryption restrictions
Answer: B