Information sharing with executives should comply with what?

• A. Keep information siloed within security.
• B. Share only with HR and security without oversight.
• C. Maintain confidentiality and comply with privacy rules.
• D. Share all data publicly with no restrictions.

Answer: (C)

The key idea is to share information with executives in a way that protects sensitive data while meeting privacy obligations. Executives need enough relevant information to make informed decisions, but data should be handled with appropriate controls: only what’s necessary (need-to-know), across approved channels, and under established policies. This means applying data classification, role-based access, encryption for transmission, and keeping audit trails of what is shared and with whom.

Privacy rules and laws govern how personal or sensitive information can be shared, stored, and retained. Compliance requires using a lawful basis for sharing, minimizing data exposure, and respecting individuals’ rights, including notification and access when required.

Siloing information prevents informed leadership, while sharing indiscriminately or publicly breaks confidentiality and violates legal and policy requirements.