Strengthening governance, risk management, and internal control capability to protect sensitive data.