Which statement BEST describes an organization's obligation to comply with a country's information-security laws and regulations when it conducts business within that country's borders?
Compliance is required only if the organization stores data physically inside the country's borders; remote or cloud-based activities are exempt.
They apply to any organization that conducts business or processes data within the country, regardless of where the organization is headquartered.
An organization can choose which nation's laws it will follow, provided it documents the decision in a written risk acceptance.
They apply only to organizations that are incorporated in that country; foreign firms may rely solely on their home-country laws.
Any organization that operates, processes data, or otherwise conducts business within a country is subject to that nation's information-security and privacy laws, even if the company is foreign-owned or headquartered elsewhere. This concept, often referred to as data sovereignty, means compliance is mandatory in each jurisdiction where operations occur; failure can lead to fines, sanctions, or loss of the right to do business. The other options are incorrect because host-nation laws are not optional, cannot be ignored in favor of home-country rules, and apply to activities such as cloud or remote processing, not only to data stored physically on local servers.