Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some
technical issues, ABC services wants to send some of Acme Corp’s debug data to a third party vendor for
problem resolution. Which of the following MUST be considered prior to sending data to a third party?

A.
The data should be encrypted prior to transport

B.
This would not constitute unauthorized data sharing

C.
This may violate data ownership and non-disclosure agreements

D.
Acme Corp should send the data to ABC Services’ vendor instead

Explanation:
With sending your data to a third party is already a risk since the third party may have a different policy
than yours. Data ownership and non-disclosure is already a risk that you will have to accept since the data
will be sent for debugging /troubleshooting purposes which will result in definite disclosure of the data.
Incorrect Answers:
A: Encrypting the data prior to transport will not negate the fact that the third party needs to send debug
data to a third party for troubleshooting purposes.
B: The question mentions that the company has outsources proprietary business processes which means
it is authorized data sharing in this case since the data is being sent to the third party for troubleshooting
purposes.D: ABC’s vendor does not have the agreement with Acme Corp since it is an Acme Corp proprietary
business process.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 419-420