When auditing an ecommerce architecture, the IS auditor discovers that customer master data is retained on the web server for six months after the transaction date. What is the PRIMARY concern?

Prepare for the CISA Domain 4 Exam with tailored quizzes.

The primary concern when customer master data is retained on the web server for six months after the transaction date is the confidentiality of customer data. Keeping sensitive customer information accessible on a server for an extended period raises significant privacy risks. If the data is not adequately protected, there is a higher chance of unauthorized access, leading to potential data breaches that could expose personal information such as names, addresses, and payment details.

Confidentiality is crucial in ensuring that this sensitive data is not disclosed to unauthorized parties, which could have legal implications and damage customer trust in the organization. Given the nature of e-commerce and the value of personal data, the risks associated with failing to protect confidentiality are particularly pronounced.

While aspects such as data availability, integrity, and system performance are important in their own right, the primary focus in this context should be on how well customer information is protected against unauthorized access. Ensuring confidentiality safeguards customer trust and supports compliance with requirements such as GDPR or PCI DSS, which mandate stringent measures to protect personal data.
