The PRIMARY concern of an information security manager documenting a formal data retention
policy would be:
A.
generally accepted industry best practices.
B.
business requirements.
C.
legislative and regulatory requirements.
D.
storage availability.
Explanation:
The primary concern will be to comply with legislation and regulation but only if this is a genuine
business requirement. Best practices may be a useful guide but not a primary concern. Legislative
and regulatory requirements are only relevant if compliance is a business need. Storage is
irrelevant since whatever is needed must be provided