Which statement accurately represents the handling of sensitive data?

The statement that it must be protected and retained securely accurately reflects the best practices for handling sensitive data. Sensitive data, by its nature, includes personal information or any information that could lead to privacy breaches or security incidents if exposed. Organizations are responsible for ensuring that sensitive data is stored in a secure manner, employing measures such as encryption, access controls, and secure storage solutions to prevent unauthorized access. Additionally, retaining sensitive data securely involves adhering to legal and regulatory requirements that dictate how long such information should be kept and the methods for its destruction when it is no longer needed.

This approach protects individuals and organizations from potential risks associated with data exposure, such as identity theft or compliance violations, highlighting the importance of safeguarding sensitive information at all stages—from collection to retention and, ultimately, destruction.