A security administrator wants to determine what data is allowed to be collected from users of the corporate Internet-facing web application. Which of the following should be referenced?
A.
Privacy policy
B.
Human Resources policy
C.
Appropriate use policy
D.
Security policy