A data breach occurs at a company.

This question falls under theData Governancedomain, focusing on data breach response protocols. A data breach requires a structured response to comply with legal and regulatory requirements.

Make an announcement on social media so customers are aware as soon as possible (Option A): Public announcement without internal coordination or regulatory notificationcan lead to legal issues and loss of trust.

Tell the company management team and then tell regulatory agencies (Option B): This follows best practices: inform internal leadership to coordinate a response, then notify regulatory agencies as required by laws (e.g., GDPR mandates notification within 72 hours).

Keep the incident a secret until the issue is resolved (Option C): This violates regulations requiring timely breach notification.

Inform the entire IT sector, but ask for discretion (Option D): Sharing with the IT sector is vague and risks leaks; regulatory agencies should be prioritized.

The DA0-002 Data Governance domain includes "data privacy concepts," such as proper breach response procedures, emphasizing internal and regulatory notification.