Abstract

Different organizations encounter various privacy concerns; they must therefore remain aware of current security alerts and the many scams in circulation in order to protect consumer information. It is also important to be mindful of the legislation and regulations available to safeguard and protect consumers. Companies face privacy risk because of the data that is stored and transmitted as part of normal business operations (Grama, 2015). Areas such as credit card transactions, organization-sponsored email services, wireless networking, social media communication, and daily business operations in general trigger significant privacy concerns. This paper addresses the CEO's concern about the amount of information being maintained and still being collected at the sporting goods store. It begins with an initial assessment of the privacy risks the sporting goods store is facing.
It then explains the security threats and the legislation established to govern these kinds of risks, and lastly the reactive and proactive security measures the business needs to institute in order to deal efficiently with the identified potential risks.

Possible Privacy Risks

A significant number of the aforementioned concern areas apply to the sporting goods store. First, the fact that the store accepts credit card payments is a potential risk area; control mechanisms are needed to protect and secure the credit card information. Secondly, the organization's email server presents two potential privacy threats, one to the employees and one to the business itself. Thirdly, the collection of healthcare data also raises privacy concerns, which means it must adhere to government standards on storage and collection. Fourthly, the presence of social media poses privacy risks to the business that could affect the company negatively. Standardized legislation and regulations are available that are designed to provide data security and protection for this organization.
According to Grama (2015), the objective of information security is to ensure that the integrity, confidentiality, and availability of data are maintained. Confidentiality ensures that only persons who are authorized or have the proper permission can access business information. Integrity keeps the data and the information system accurate by ensuring that changes to the data do not occur without the appropriate authorization or permission. Availability provides a reliable information system so that information stays accessible to authorized users at any given time (Grama, 2015). This company must therefore ensure regular monitoring and testing of its networks to make sure that the integrity, confidentiality, and availability of the data are maintained. It must further make certain that an information security policy is maintained and that it encompasses these controls.

Security Risks and the Applicable Laws

Any security breach in this company could potentially expose the confidential data of clients and employees.
Personally identifiable information is required by law to be protected. The following are the key risk areas identified at the sporting goods store and the rules and measures designed to protect all the parties.

Credit card payment related security threats: the company accepts credit card payments. To protect the card owner effectively, merchants should follow the PCI DSS, the Payment Card Industry Data Security Standard. This is a contractual agreement between the company issuing the payment card and the sporting goods store; its aim is to safeguard the information contained on the card.

Company email security threat: a phishing attack could compromise the system and consequently expose confidential information. Any email written by an employee is not considered private, since it can be monitored on the server. Federal wiretap legislation applies to the interception of email communications on equipment owned by the employer (Grama, 2015).

Health screening security threat: the collection of patients' medical information must be done in a way that does not contravene the rules on protected health information (PHI). Data gained during health screening must therefore be handled in line with the HIPAA privacy and security standards for any identifiable information; the HITECH Act enforces compliance with the HIPAA security and privacy rules (Habte, Scarano, & McLaughlin, 2014).

Social media related risk: security and the sharing of information are essential areas of privacy concern arising from the sporting goods store's social media presence.
Regarding email, the company should provide training to ensure that all employees are equipped to detect and prevent any form of phishing attack. All employees should understand the formal policy, and it should be explained to them that the company has the right to monitor their emails. For health screening, the store should apply the 'minimum necessary' principle and limit the collection of self-identifying information to the least needed for the screening. This helps minimize fraud related to identity theft. It is also essential to use an active data collection method, which explains that data collection is taking place and states what information is being obtained. For social media, a policy explaining the acceptable use of workstation devices should be formulated, including a provision addressing negative commentary by workers (Belbey, 2015). Facebook and Twitter account usernames and passwords should remain strong; this helps deter hackers from gaining access to the accounts and ensures that only trusted users can post and comment.
References

Belbey, J. (2015, May 21). Retrieved from http://www.forbes.com/sites/joannabelbey/2018/01/21/protect-your-firm-from-the-13-risks-of-social-media/#30d52b954397

Grama, J. L. (2015). Legal issues in information security. Sudbury, MA: Jones & Bartlett Learning.

Habte, M. L., Scarano Jr., R. M., & McLaughlin, P. F. (2014). HHS imposes first civil penalty and resolution agreement resulting from HITECH breach notification rule. Managed Care Outlook, 25(8), 1-7.