Which of the following is MOST important for an IS auditor to determine when evaluating a database for privacy-related risks? 

Answer options:

A. Whether copies of production data are masked
B. Whether the integrity of the data dictionary is maintained
C. Whether data import and export procedures are approved
D. Whether all database tables are normalized

B