Which of the following is the PRIMARY objective of privacy incident response?

[Reference: https://www.isaca.org/resources/isaca-journal/issues/2020/volume-4/incident-response-models, The primary objective of privacy incident response is to mitigate the impact of privacy incidents on the organization and the data subjects. Privacy incident response is a process that involves identifying, containing, analyzing, resolving, and learning from privacy incidents that involve personal data. Privacy incident response aims to reduce the harm and liability that may result from privacy incidents, such as reputational damage, regulatory fines, legal actions, or loss of trust. Privacy incident response also helps to improve the organization’s privacy posture and resilience by implementing corrective and preventive measures., While notifying data subjects impacted by privacy incidents may be a legal or ethical obligation, it is not the primary objective of privacy incident response. Rather, it is one of the possible steps or outcomes of the process, depending on the nature and severity of the incident. Similarly, reducing privacy risk to the lowest possible level or optimizing the costs associated with privacy incidents are desirable goals, but not the main purpose of privacy incident response., References: Privacy incidents and breaches, DHS Privacy Incident Handling Guidance, Incident and Breach Management, , ]