Information classification of personal information may trigger specific regulatory obligations. Which statement is the BEST response from a privacy perspective:
Your company has been alerted that an IT vendor began utilizing a subcontractor located in a country restricted by company policy. What is the BEST approach to handle this situation?