A data governance strategy has been defined by the IT strategy committee which includes privacy objectives related to access controls, authorized use, and data collection. Which of the following should the committee do NEXT? 

Answer options:

A. Mandate the creation of a data privacy policy.
B. Establish a data privacy budget.
C. Perform a data privacy impact assessment.
D. Mandate data privacy training for employees.

A