How should sensitive customer data be handled?

Sensitive customer data should be encrypted and accessed only by authorized personnel to ensure its confidentiality and integrity. Encryption transforms the data into a format that is unreadable without the correct decryption key, protecting it from unauthorized access. This is crucial in safeguarding against data breaches, ensuring that even if data is intercepted, it cannot be used without the appropriate access rights.

Accessing sensitive data only by authorized personnel further enhances security by limiting the risk of internal and external threats. This practice aligns with legal regulations and best practices in data management, highlighting the importance of keeping customer information secure and private.

The other options present practices that could lead to significant security risks. Sharing sensitive data freely among employees increases the chances of leaks or misuse. Storing data in plaintext makes it easily accessible to anyone who gains access to the system, thus compromising its security. Deleting data after a set period may not account for retention policies required by law or operational needs, potentially leading to non-compliance and loss of critical records. Therefore, the correct approach prioritizes encryption and controlled access to protect sensitive customer information effectively.