Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?
A . Need to comply with breach disclosure laws
B . Fiduciary responsibility to safeguard credit information
C . Need to transfer the risk associated with hosting PII data
D . Need to better understand the risk associated with using PII data
Answer: D