Which of these is not part of the security program required by DATA to prevent compromise of critical information?

Multiple Choice

Develop, document and maintain a security policy for the collection, use, sale, dissemination, and maintenance of personal identifying information

Establish contracts with third parties with access to the information to establish controls that meet the requirements of the Act

Establish a process to identify risks and vulnerabilities of potential breaches and implement administrative and technical controls to mitigate the risk of compromise of the personal identifying information

Develop a procedure to efficiently and effectively notify affected parties and regulators in the event of a data breach.