The data access requirements for an application should be determined by the:

A. legal department.

B. compliance officer.

C. information security manager.

D. business owner.

Explanation:

Business owners are ultimately responsible for their applications. The legal department, compliance officer and information security manager all can advise, but do not have final responsibility.