You're the Information Security Manager of a multinational organization. In a bid to improve security, there's a proposal to limit data access to only employees within specific regions. What should be your PRIMARY consideration before implementing such a policy?