Description
Prior to beginning work on this discussion, read Chapter 4 from the text and the article Will Your Company’s Electronic Records Storage Withstand Legal Scrutiny?, and review any relevant information from this week’s lecture.
One of the more important duties of a CIO, both to their company and their company’s customers, is to maintain data accurately. As a CIO, despite your best intentions, accidents and mistakes can happen (e.g., data can get corrupted, human error, hardware failure, etc.). Reusing or circulating inaccurate data, especially personal information, can have many negative consequences for the company, the customers, and for the CIO. Additionally, hackers and security threats can compromise the integrity of your company’s data. For your initial post, you will take on the role of a CIO and address the following elements for your company that manages the personal information for its 100,000 customers:
Explain the importance of maintaining the accuracy of customers’ personal information.
Explain how maintaining accurate personal information affects the privacy of a company’s customers.
Explain the ramifications on a customer’s privacy when an organization poorly maintains customer information.
Your initial post should be a minimum 250 words.
2- Discussion two: Due Oct/07
- Prior to beginning work on this interactive assignment, read Chapter 4 from the text. Review the instructions below and research at least one additional scholarly and/or credible professional source to support your statements. (Access the MISM Credible Resource Guide for assistance with finding appropriate credible professional resources.)
- Most employee handbooks for large organizations notify employees that there is no expectation of privacy for employees in their digital work activities (e.g., accessing documents and programs on a company network or looking at websites on a company network) and work communications (e.g., emails or work cell phone usage).
- For this interactive assignment, you are the CIO of a new organization and you are tasked with building a new IT group. As part of your research, you are asked to do the following:
Research an example of the Employee Privacy section of an employee handbook that addresses digital work activities and communication.
State the origin of the information.
Analyze this section’s effectiveness for notifying employees of privacy expectations while they use company owned or operated work resources.
Create your own Employee Privacy section (using your own words).
Explain why your section is an improvement from the example you shared above.
Your initial post should be a minimum of 300 words.
Assignment: Due OCT/11
Federal Compliance
Prior to beginning work on this assignment, read Chapters 4 and 5 from the course text and review any relevant information from this week’s lecture. Review the instructions below and research at least three additional scholarly sources and a minimum of one credible professional source to support your statements. (Access the MISM Credible Resource Guide for assistance with finding appropriate credible professional resources.)
- As a CIO, you will be responsible for your company’s compliance with certain federal laws. Additionally, there may be several industry-regulated standards or guidelines that your company may voluntarily follow which may add security and/or social benefit to the management of your company’s data. In this scenario, you are the CIO of a publicly-traded American corporation that provides health care consulting to families who are seeking international medical treatment for their children. The company automatically charges its customers on a monthly basis from their credit card, debit card, or bank account using personal financial data that the company stores and manages. For this assignment, you will analyze federal laws as well as a voluntary, industry-based set of standards that pertain to data management. Select a minimum of three federal laws and one voluntary-based set of standards and include the elements below. For this assignment, you do not need to consider the implications of any state specific laws.
Provide a brief overview of each federal law and the voluntary industry-based standard.
- Analyze legal issues regarding data management and describe how the company must comply with each federal law and the voluntary, industry-based standard.
- Explain the legal and/or financial consequences to the company for non-compliance of each federal law and the voluntary industry-based standard.
- The Federal Compliance paper
Explanation & Answer
Employee Privacy
Netflix: Employee Privacy Policy
Every organization has an employee privacy policy document that specifies the rules and
processes of collecting and disclosing personal information. At Netflix, the company has a
candidate privacy statement that explains its data collection practices and how the information is
utilized (Netflix, 2021). The clause applies to everyone from people looking for employment to the ones
already working in the company. The statement originated from the desire to keep track of
everyone visiting the Netflix site and clicking on the posted jobs. The organization always wants
to know how many people are interested in working for it and the number it reaches once an
offer is posted. The section effectively notifies workers about the privacy expectations by
indicating they are immediately on the company’s radar even by show of good faith. Netflix
separates the classes of information it can collect from applicants. First, it has a subsection called
identifiers that collect a broad range of information such as email, phone number, and address. It
also specifies the protected information under California law. Employees know they are not
defined by race, ethnicity, or citizenship. Additionally, since Netflix only allows an online
application, personal information is collected according to interaction with the job sites.
Personal Employee Privacy Section
Personal information collected: We collect any information related to the company’s operations.
As long as one is employed here, we access any data related to work activities.
Exceptions: We understand this business is online-based. Therefore, we ensure we do not collect
information on personal communication. We, however, advise against using the company’s
equipment to interact as the data will be saved automatically in our systems.
Protected information: We do not collect information that would likely lead to discrimination.
Data such as race, citizenship, sexual orientation, and gender identity are exempted, although
specific characteristics may be required during application to avoid disparate discrimination.
The section is not as comprehensive as Netflix’s, but it is an improvement since it
highlights three essential areas about employee privacy. Unlike the company’s statement, the
privacy policy is not concerned with workers interested in working for the organization. It
concentrates on the ones already recruited. It also separates personal and work information
while disclaiming when a user’s information might be automatically recorded. Conclusively, it
protects workers from possible exploitation by disregarding personal orientation.
Reference
Netflix. (2021). Candidate Privacy Statement. Retrieved 8 October 2021 from
https://jobs.netflix.com/candidateprivacy
Discussion: Customer’s Personal Information
Importance of Maintaining Accuracy of Customers’ Personal Information
Since information is essential in any business, it is advisable always to maintain accurate
data to make the right decisions about operations. Reliable data tells an organization about the
routes it should take to drive up sales. Secondly, updated information saves costs that would be
incurred through ineffective strategies. Finally, personal information improves customer satisfaction
and experience. Having the correct data informs the management about consumers’ preferences
and how they would love the products to be presented.
How Maintaining Accurate Personal Information Affects the Customer’s Privacy
Having the correct information about consumers ensures data is used to the extent of the
intended purpose. It is possible to prevent unauthorized access when data is up to date because
the handlers know how to maintain it. Moreover, constant updating does not only involve
familiarizing with clients’ data but also the system. According to Asghar et al. (2017), as
information continues to flow, companies improve their infrastructure to accommodate big data.
Finally, inaccurate data is subject to deletion, which makes it easier for hackers to access.
Sometimes the methods used to erase information may be obsolete, leaving data in the hands of
exploiters.
Ramifications of Poorly Maintaining Customer Information
The main implication of poorly maintaining consumer data is a breach. Information may
fall into the wrong hands if the systems used to hold it are obsolete (Asghar et al., 2017).
Consequently, access by unauthorized users can lead to manipulation and blackmail. Customers
often share details such as area of residence, emails, and bank details. Such information can
place users at the mercy of exploiters. Finally, it shows a company’s lack of commitment to
consumer protection. While some breaches may occur through mistakes, an organization should
ensure it identifies and mitigates any loophole in its system to show it is concerned about
safeguarding consumers’ interests.
Reference
Asghar, M. R., Dán, G., Miorandi, D., & Chlamtac, I. (2017). Smart meter data privacy: A
survey. IEEE Communications Surveys & Tutorials, 19(4), 2820-2835.