A commercial cyber-threat intelligence organization observes IoCs across a variety of unrelated customers.
Prior to releasing specific threat intelligence to other paid subscribers, the organization is MOST likely obligated by contracts to:
A . perform attribution to specific APTs and nation-state actors.
B . anonymize any PII that is observed within the IoC data.
C . add metadata to track the utilization of threat intelligence reports.
D . assist companies with impact assessments based on the observed data.
Answer: B