An IS auditor is evaluating the completeness of privacy procedures involving personally identifiable information (PII).
Which of the following is MOST important for the auditor to verify is included in the procedures?
A . Regulatory requirements for protecting PII
B . The organization’s definition of PII
C . Encryption requirements for transmitting PII externally
D . A description of how PII is masked within key systems
Answer: A