Which of the following statements about data privacy and security controls is true?

A solid approach to data privacy and security uses layered protections that cover both the physical and digital realms. Physical controls limit who can physically access devices, data centers, or storage media—things like locked rooms, badge access, and cameras help prevent theft or tampering. Logical controls govern how data is accessed and protected in systems—authentication, authorization, encryption, audit logging, and continuous monitoring. Neither type alone is enough. If you rely only on physical safeguards, a stolen laptop or unsecure device can expose data unless there are strong protections in place at the software level. If you rely only on logical protections, someone with physical access could bypass them by tampering with hardware or using the device directly. Encryption is important, but privacy encompasses more than encryption alone—data minimization, access governance, policy compliance, and incident response all play roles. So, the statement that both physical and logical controls are necessary best reflects how to protect privacy and security.