An organization has a datacenter manned 24 hours a day that processes highly sensitive information. The datacenter includes email servers, and administrators purge email older than six months to comply with the organization's security policy. Access to the datacenter is controlled, and all systems that process sensitive information are marked. Administrators routinely back up data processed in the datacenter. They keep a copy of the backups on site and send an unmarked copy to one of the company warehouses. Warehouse workers organize the media by date, and they have backups from the last 20 years. Employees work at the warehouse during the day and lock it when they leave at night and over the weekends. Recently a theft at the warehouse resulted in the loss of all of the offsite backup tapes. Later, copies of their data, including sensitive emails from years ago, began appearing on Internet sites, exposing the organization's internal sensitive data.
Of the following choices, what would have prevented this loss without sacrificing security?
A. Mark the media kept offsite.
B. Don't store data offsite.
C. Destroy the backups offsite.
D. Use a secure offsite storage facility.

Upon examining the example that is given in the question, it is clear that storing the copies of the data at a warehouse which has no security at nights and on the weekends is a poor decision and it is what caused this problem.

Backups from the last 20 years is serious security risk and a liability to the company if they were to be exposed so they should have been more careful about this and stored the data at a secure offsite storage where there is security 24/7 and there is no possibility of theft which would have prevented this from happening.

I hope this answer helps.