Muffins&More, a company established in 1945, sells muffins, danishes, croissants, and breads. Until 2020, Muffins&More accepted only cash as payment. In 2020, Muffins&More decided to take online orders and allow customers to pay with credit cards. Along with this decision to take credit cards, Muffins&More joined the self-regulatory system known as PCI DSS. On the company’s new website, Muffins&More informed its customers that the company adhered to the security standard required by PCI DSS. By the beginning of 2021, Muffins&More had failed to develop a plan to address the security of the financial information that the company collected on its customers. What potential sanctions is Muffins&More facing?
According to the material provided in this class, privacy has been defined as:
The main purpose of information management programs is to help organizations create good privacy practices that comply with applicable laws and reduce reputational risks. The role of a privacy professional in the creation of information management programs is to:
Reaching consensus on a federal data breach law is difficult. Which of the following issues factor into this difficulty?
In 2021, a prominent threat analysis group identified an approach used for nation-state attacks. The hackers set up a cybersecurity blog in an attempt to build credibility with potential targets. In the blog, the hackers focused on vulnerabilities that were actually already public. The hackers then created a series of Twitter accounts linked to the blog. The hackers, posing as the authors of the blog, reached out to security researchers, asking them to collaborate on their work. When the security researchers responded, the hackers sent these researchers Visual Studio Projects software containing malware, which infected the researchers’ computers. This type of threat to online privacy is known as:
Most of the state data destruction laws across the country share common elements. These common elements describe:
Criminal enforcement actions can result in imprisonment or criminal fines. Which federal agency or agencies are able to bring criminal enforcement actions?
DocSky is a company dedicated to storing individual health records for doctors around the U.S. DocSky only provides these cloud services for doctors who are not defined as covered entities. In December, DocSky suffers a hack. Is DocSky required to report the data breach pursuant to the requirements of HIPAA and HITECH?
A non-profit group named Profiles Are Invasive (PAI) advocates for restricting companies’ ability to collect information on consumers when this data is used to create profiles based on consumer preferences, behavior, and attitudes. A team of PAI volunteers researched the status of the law in the U.S. Their report concluded:
Following a number of major data breaches over the last year, your employer is looking to increase trust in their privacy practices with online consumers. They should: