Include at least 250 words in your posting and at least 250 words in your reply.  Indicate at least one source or reference in your original post. Please see syllabus for details on submission re

 Include at least 250 words in your posting and at least 250 words in your reply.  Indicate at least one source or reference in your original post. Please see syllabus for details on submission requirements.

Module 8 Discussion Question

Search "scholar.google.com" or your textbook. Discuss the issues organization’s face with regards to the protection of its customer information. How might an organization notify its users that all communications are being monitored and preserved? How will end users typically respond to such announcements? 

Reply(Shiva)

It is normal for organizations to collect their customers’ data and store it in their databases. This act always comes with a price. The organizations have a duty to diligently protect the information at all costs. Even though organizations promise that they will protect their customers’ data, sometimes they fail to do so (Karjoth, Scunter, & Waidner, 2003).

Most organizations face problems for failing to protect their customers’ information. Take the example of a situation where the data is stolen by attackers. The customers’ run to courts demanding compensation. In other cases, organizations are accused of misusing personal data. This is done by selling customers’ data to third parties or using the data for marketing purposes. Sometimes they fail to observe disclosure requirements.

It also happens that some firms delete data accidentally or let unauthorized personnel access it. The end result is that the organization spends millions trying to retrieve the data. Poor handling of clients’ data leads to a bad reputation. Firms should notify their users whenever a breach occurs (Schwartz & Janger, 2007). Organizations have a role of informing their clients that they do collect, monitor and store their data. This can be done by including it in websites where clients are expected to submit their data. They can also send a notification to clients letting them know what time of information is being collected and monitored. If calls are affected, customers should be notified before they start giving their details.

On their side, customers can respond to this by accepting or declining to share their information. They can unsubscribe from services their dislike. Furthermore, they can seek clarification in case there is ambiguity. They can also ask firms to delete their data after the contractual terms.

References

Karjoth, G., Scunter, M., & Waidner, M. (2003, June 24). Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data. Retrieved December 4, 2018, from https://link.springer.com/chapter/10.1007/3-540-36467-6_6

Schwartz, P. M., & Janger, E. J. (2007). Notification of Data Security Breaches 105 Michigan Law Review 2006-2007. Retrieved December 4, 2018, from https://heinonline.org/HOL/LandingPage?handle=hein.journals/mlr105&div=36&id=&page=

Reply(venu)

Organization have the right to monitor their employee’s use of the information and internet including visiting social networking sites, checking e-mails, and instant messaging on computers owned by the organization, during employee’s on-duty hours. Organization need to have a plan to ensure the security of your information assets. Failure to protect your data’s confidentiality might result in customer credit card numbers being stolen, with legal consequences and a loss of goodwill. Lose your clients’ confidential information and you may have fewer of them in the future.

Designated security officer: organizations for security regulations and standards, having a Designated Security Officer is not optional it’s a requirement. Security officer is the one responsible for coordinating and executing our security program. The officer is our internal check and balance. This person or role should report to someone outside of the IT organization to maintain independence.

Policies and Procedures: The policies and procedures component is the place where we get to decide what to do about them. Physical security documents how you will protect all three C-I-A aspects of your data from unauthorized physical access. Authentication, authorization, and accountability establishes procedures for issuing and revoking accounts. It specifies how users authenticate, password creation and aging requirements, and audit trail maintenance. Security awareness makes sure that all users have a copy of your acceptable use policy and know their responsibilities; it also makes sure that your IT employees are engaged in implementing your IT-specific policies.

Risk assessment: This component identifies and assesses the risks that your security program intends to manage. Unauthorized access to your own data and client or customer data. Remember, if you have confidential information from clients or customers, you’re often contractually obliged to protect that data as if it were your own.