
Organizations encounter various privacy concerns; this, therefore, means that
they must remain aware of current security alerts and the many scams in
circulation in order to protect consumer information. It is also important to
be mindful of the legislation and regulations available to safeguard and
protect consumers. Companies are exposed to privacy risks as a result of the
data that is stored and transmitted as part of normal business operation
(Grama, 2015). Areas such as transacting with credit cards,
organization-sponsored email services, wireless networking, social media
communication and, in general, the daily business operations raise significant
privacy concerns. This paper seeks to address the CEO's concern about the
amount of information that is being maintained and continues to be collected
at the sporting goods store. It begins with an initial assessment of the
possible privacy risks that the sporting goods store is encountering, followed
by an explanation of the security threats and the legislation established to
govern these kinds of risks, and lastly the possible reactive and proactive
security measures that the business needs to institute to deal efficiently
with the identified potential risks.

Possible Privacy Risks

A significant number of the aforementioned areas are of concern to the
sporting goods store. The fact that the store has allowed the use of credit
card payments is a potential risk area; control mechanisms are required to
protect and secure credit card information. Secondly, the organization's email
server presents two potential privacy threats, to the employees and to the
business itself. Thirdly, the collection of healthcare data also raises
privacy concerns, which means that it must adhere to government standard
requirements on collection and storage. Fourthly, the presence of social media
poses privacy risks to the business and could affect the company negatively.
Standardized legislation and regulations designed to provide data security and
protection to this organization are available. According to Grama (2015), the
objective of information security is to ensure that the integrity,
confidentiality, and availability of data are maintained.

Confidentiality ensures that only persons who are authorized or have proper
permission can access business information. Integrity means that the data and
the information system remain accurate, by ensuring that changes to the data
do not occur without appropriate authorization or permission. Availability
provides a reliable information system, so that information remains accessible
to authorized users at any given time (Grama, 2015). This company must,
therefore, ensure regular monitoring and testing of its networks to make sure
that the integrity, confidentiality, and availability of the data are
maintained. It must further make certain that an information security policy
is maintained and that it encompasses these controls.

Security Risks and the Applicable Legislation

A security breach in this company could potentially expose confidential data
of clients and employees. Personally identifiable information is required to
be protected by law. The following are the key risk areas identified for the
sporting goods store and the rules and measures that are designed to protect
all parties. Credit card payment related security threats: the company allows
the use of credit card payments. To protect cardholders effectively, merchants
should follow the PCI DSS, the Payment Card Industry Data Security Standard.
This is a contractual agreement entered into between the company issuing the
payment card and the sporting goods store; its aim is to safeguard the
information contained on the card.

Regarding the email security threat, it is clear that a phishing attack could
potentially compromise the system and consequently expose confidential
information. Any email written by an employee is not considered private, since
it can be monitored on the server. Federal wiretap legislation applies to the
interception of email communications on equipment owned by the employer
(Grama, 2015).
Health screening security threat: the collection of patients' medical
information must be done in a way that does not contravene the rules on
protected health information (PHI). Data gained during health screening must,
therefore, comply with the HIPAA privacy and security standard requirements
for any identifiable information; the HITECH Act ensures enforcement of
compliance with the HIPAA security and privacy rules (Habte, Scarano, &
McLaughlin, 2014).

Social media related risk: security and the sharing of information are
essential areas of privacy concern regarding the presence of social media as
far as the sporting goods store is concerned. A disgruntled worker could post
information on various social media sites that damages the reputation of the
organization (Belbey, 2015). Hackers could hijack any social media site,
consequently compromising the image of the sporting goods store. This company
must be conversant with the legal issues that relate to privacy legislation
and adhere strictly to regulatory data requirements when collecting, storing,
handling and processing workers' and clients' data.

Security Measures to Mitigate the Risks

The organization should come up with a formal privacy policy. The policy
should set out all the protection measures that help secure individual data.
It will inform clients and workers about the privacy procedures and the
information confidentiality legislation available. The following are measures
that can be integrated into the sporting goods store to enhance the privacy of
the data. For credit card payments, PCI DSS should be implemented to help
prevent unauthorized access to credit card information; the controls involve
ensuring that the network is secure, protecting cardholder information and
applying access control measures (Grama, 2015). For email, the company should
provide training to ensure that all employees are equipped to detect and
prevent any form of phishing attack. All employees should understand the
formal policy, and it should be explained to them that the company has the
right to monitor their emails.

For health screening, the 'minimum necessary' technique should be applied,
limiting the collection of self-identifying information to the least that is
relevant to the health screening. This helps minimize fraud related to
identity theft. It is also essential to use an active data collection method,
which makes clear that data collection is taking place and states what
information is being obtained. For social media, a policy explaining the use
of workstation devices should be formulated, including provisions addressing
negative commentary by workers (Belbey, 2015). Facebook and Twitter usernames
and passwords should remain strong; this helps deter hackers from gaining
access to the accounts and ensures that only trusted users can post and
comment.

References

Belbey, J. (2015, May 21). Retrieved from

Grama, J. L. (2015). Legal issues in information security. Sudbury, MA: Jones & Bartlett Learning.

Habte, M. L., Scarano Jr., R. M., & McLaughlin, P. F. (2014). HHS Imposes First Civil Penalty and Resolution Agreement Resulting from HITECH Breach Notification Rule. Managed Care Outlook, 25(8), 1-7.