Question: You are an information security professional who discovers that your company is planning to implement a new system that you believe could violate customer privacy laws and compromise personal data. However, you are not directly responsible for this system, and your manager insists that the implementation is legal and business-critical. According to the ISC2 Code of Ethics, what is your best course of action in this scenario?