The security administrator at a company has received a subpoena for the release of all the email
received and sent by the company Chief Information Officer (CIO) for the past three years. The
security administrator is only able to find one year’s worth of email records on the server and is
now concerned about the possible legal implications of not complying with the request. Which of
the following should the security administrator check BEFORE responding to the request?
A.
The company data privacy policies
B.
The company backup logs and archives
C.
The company data retention policies and guidelines
D.
The company data retention procedures