The PRIMARY concern of an information security manager documenting a formal data retention policy would be:

A. generally accepted industry best practices.

B. business requirements.

C. legislative and regulatory requirements.

D. storage availability.

Explanation:

The primary concern will be to comply with legislation and regulation but only if this is a genuine business requirement. Best practices may be a useful guide but not a primary concern. Legislative and regulatory requirements are only relevant if compliance is a business need. Storage is irrelevant since whatever is needed must be provided