Case 1: Cambridge Analytica Facebook Data Scandal
1) What went wrong?
i. Facebook mishandled data in 2018.
ii. Exposure of Cambridge Analytica. Questioning of data safety and disclosure regulations about personal data.
2) Prevention
i. Data auditing
ii. Data harvesting and transparency
iii. Stringent data users' policy
3) Implemented measures
i. Restriction on personal data use
ii. To access a user's personal information, you must preauthorize
iii. Applications review
iv. Unverified apps: restricted data access
4) The outcome
i. Manipulation results from the 2020 US Elections.
ii. Access to restricted data only for researchers
Case 2: Yahoo Case 2013
1) What went wrong?
i. An insufficient security strategy.
ii. There were no procedures in place to protect the organization's servers and individual user information such as telephone numbers and passwords.
2) Prevention
i. Comprehensive insurance coverage utilization
ii. To avoid further damage, members should be notified of the attack
3) Implemented security measures
i. Password on-demand options
ii. Data encryption for emails
iii. Changes in passwords for non-Yahoo services
4) The outcome
i. Financial loss
ii. Legal actions
iii. Yahoo! was abandoned by more than 25% of its 3 billion users, who replaced it with Gmail.
Case 3: Salem Hospital Data Breach
1) What went wrong?
i. Workers' email accounts were accessed by unauthorized personnel.
ii. One hacker obtained hospital information including names, birth dates, and information about treatment.
2) Prevention
i. Increase security to prevent illegal access to email.
ii. Secure exchange of patient data
iii. Private files secured for employees
iv. Employees do not use personal email to exchange or keep patient information.
3) Implemented measures
i. Establishing a solid foundation for applications and an IT infrastructure.
ii. Investigate immediately to find the perpetrator.
iii. Secure all email accounts
iv. Staff training
4) The outcome
i. No data misuse
ii. Instant security restoration
iii. Training program for staff
Case 4: Health Breach in Utah
1) What went wrong?
i. Servers of the Utah Department of Technology were compromised.
ii. Compromised data from 21,000 clients, current and past
iii. Computer malware that required the user to click F12 in the browser accidentally gathered personal data.
2) Prevention
i. Respect for regulations, standards, or requirements
ii. Description of management control
iii. Conformance with Health Insurance Portability and Accountability Act (HIPAA) regulations
3) Implemented measures
i. Implement the HIPAA policy for encryption.
ii. Review antivirus strategies
iii. Ongoing education of employees
iv. Privacy of networks vs. implementation of BYOD policy