Mitchell McCullough_CYB 260 Project One Milestone Template

School: Southern New Hampshire University
Course: 260
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 5

Uploaded by AmbassadorHippopotamusMaster1228

CYB 260 Project One Milestone Template

I. Analysis of Requirements

Select three fair information practice principles from the privacy statement provided by your instructor. Then fill in the blank cells in the table below.

Requirements Table

Fair Information Practice Principle: Protecting the Account
Applicable Privacy Law or Laws: To be compliant with European law: the General Data Protection Regulation. For compliance in the United States: HIPAA, COPPA, ECPA, and relevant state laws.
Level of Compliance: While the privacy statement demonstrates some compliance by implementing security measures like passwords and consequences for violators, there is room for improvement in ensuring the ongoing security of user accounts. Additional measures could be explored to further enhance account security and strengthen the overall protection of user information.
Safeguards: Regarding account security, a recommended measure involves integrating Multi-Factor Authentication (MFA). This additional layer of protection ensures that only authorized users can access accounts, which is especially critical when handling health data collection. MFA serves as a robust barrier against unauthorized access, placing a high priority on the privacy and security of sensitive information.

Fair Information Practice Principle: Information Collected and How It Is Used
Applicable Privacy Law or Laws: The Health Insurance Portability and Accountability Act, the Child Online Privacy Protection Act, along with whatever state laws may apply to this collection and use of information.
Level of Compliance: The privacy statement lacks comprehensive information on how user information is protected and fails to mention COPPA, a law safeguarding children's data. Additionally, it does not adequately clarify how user information is utilized. Although the introduction references storing information in relevant departments, it does not specify if data might be shared with third parties. To enhance clarity and transparency, the privacy statement should explicitly outline how user data is safeguarded, include information about COPPA for children's protection, and explicitly mention any potential sharing with third parties.
Safeguards: We have implemented a safeguard to prohibit the sharing of minors' data with third parties, ensuring compliance with COPPA regulations. Furthermore, all stored information is encrypted, adding an extra layer of protection. This encryption measure bolsters overall data security, underscoring our commitment to upholding stringent standards of privacy and security for all users, with particular emphasis on safeguarding minors.

Fair Information Practice Principle: Personal Information and the Right to Choose
Applicable Privacy Law or Laws: The laws that apply to this section are HIPAA, GDPR, along with relevant local and regional laws.
Level of Compliance: The privacy statement appears to align with regulatory standards, allowing users the option to refrain from sharing their personal information for a specific activity. This demonstrates a conscientious approach to privacy, granting individuals the liberty to control the utilization of their personal data in a particular context. This user-centric option adheres to privacy principles, emphasizing transparency and respecting individuals' choices regarding the divulgence of their personal information.
Safeguards: An existing protective measure upholds this principle: user personal information is solely gathered when individuals voluntarily provide it or explicitly consent to its sharing. This highlights a proactive approach to privacy, guaranteeing that the acquisition of individuals' personal data is rooted in voluntary actions or explicit agreements. Such an approach is in line with privacy principles, demonstrating a commitment to transparency and recognition of users' preferences regarding the collection and sharing of their personal information.

II. Business Implications

A. Discuss the role of ethics as a business driver in this decision. How do the organizational values (as an ethical stance) align to the decision? What responsibility does the organization have pertaining to privacy? Insert your response in the box below.