Question 1

Hackers infiltrate the computer system of Metro Bank and steal the personal information of Metro's customers and employees.Individuals whose personal information is involved in the breach should be notified,as required by law in

A)all states.
B)forty-seven states.
C)no state.
D)one state-California.

B

Accepted Answer

The hackers can be charged with unauthorized access of protected computers under the Computer Fraud and Abuse Act (CFAA). This act criminalizes hacking and unauthorized access of protected computers, which would apply in this situation. Civil sanctions may also be possible, but the criminal penalties under the CFAA are more severe. A lawsuit by the Federal Trade Commission may also be possible, but it would depend on the specific circumstances of the case. A "watch list" is not a formal legal sanction, so it is not a viable option for holding hackers accountable for their actions.

Question 2

The existence of an ethical duty on the part of Commerce & Trade Company,and other businesses,to prevent an attack by hackers on business computer systems,and consequent theft of customers' and employees' personal data,is evidenced by

A)a business's offer of credit monitoring in the event of a breach.
B)a business's cyber security insurance.
C)the individuals' trust in the business to protect their data.
D)a business's stated "Privacy Policy."

A

Accepted Answer

A

Question 3

Hackers infiltrate the computer system of Metro Bank and steal the personal information of Metro's customers and employees.Individuals whose personal information is involved in the breach should be notified,as required by law in

A)all states.
B)forty-seven states.
C)no state.
D)one state-California.

B

Accepted Answer

47 states in the US have breach notification laws that require companies to notify individuals whose personal information has been compromised in a data breach. Therefore, Metro Bank would be required by law to notify affected individuals in 47 states.

Question 4

USA Sales Company publishes a &#34;Privacy Policy&#34; to attract customers,but fails to invest adequate resources in cyber security.A lack of security that allows hackers to steal customers' personal data from a business's computer system can be&#8203;&#10;A)the hackers' defense to criminal charges.&#10;B)the ground for a suit by the Federal Trade Commission.&#10;C)the basis for USA's recovery under a traditional insurance policy.&#10;D)a source of bad publicity,but there are no other consequences.

Accepted Answer

The lack of adequate cyber security measures would violate the customer's privacy, which would be a violation of the Federal Trade Commission Act. The Federal Trade Commission can file a lawsuit against the company, which may lead to fines or other legal consequences.

Deck 37: Application and Ethics: The Biggest Data Breach of All Time