To establish a privacy organization structure in a bank, which one of the following is least practiced by the industry for the positioning of privacy organization?
A . Privacy reporting to the Chief Information Officer (CIO)
B . Privacy reporting to the Chief Risk Officer (CRO)
C . Privacy reporting to corporate communication function
D . Privacy reporting to legal function
Answer: A