An organization has discovered that an employee has been harvesting credit card information from its databases and selling them to a criminal organization. The organization should:

a. Update its privacy policy
b. Quietly terminate the employee
c. Install a key logger and continue to monitor the employee’s actions
d. Notify the owners of the compromised credit card numbers

d. Notify the owners of the compromised credit card numbers