Which statement best reflects Piedmont's privacy policy elements?

A privacy policy should reflect how data is handled: you collect only what you need, you use it for the disclosed purposes, you obtain consent where required, you limit who can access it, and you notify people if there’s a data breach. The statement that lists data minimization, purpose limitation, consent, access controls, and breach notification captures these fundamental protections—showing disciplined data handling and transparency. This combination demonstrates an organized approach to privacy that helps protect individuals and meets common data protection expectations. The other ideas miss important protections: collecting data for years without consent ignores the need to minimize and obtain proper authorization; sharing data with third parties without notice bypasses consent and transparency; and applying the policy only to employees ignores the broader scope of privacy that includes customers, partners, and other data subjects.