Mktg5004 Business Research Methods - Assessment Answers

Answer:

Introduction:

The main purpose of this report is to discuss about the sensitive issue based on the Equifax data breach activity that occurred.

Equifax is an agency based on the reporting of consumer credit information. The data breach within the Equifax systems that occurred in mid-May had involved many of the sensible personal information of people such as name, social security number, date of birth, information of license and credit card numbers (Gressin, 2017).

The scope of the document is to discuss about the ethical and legal framework based on the Equifax Data Breach activity and the policies that were violated within this breach.

Guidance Sections-Three Issues

Based on the Equifax Data Breach, it could be concluded that there were some forms of breach within various policies:

Security based Policy – The incident of Equifax violated the policy of security of the users. This had also introduced the potential of hackers for further breach of data leading to exposure of sensitive information, social security numbers and various other details.

Security and Privacy should go hand-in-hand in order to support each other for the betterment of information security systems (Solomon, 2016).

Timing of Notifying Stakeholders – Equifax had discovered heir breach of data on July 29, but they had reported the matter at a time gap of more than a month on September 7. Customers should know about the breach of data within a few hours. This would enable for a better form of measure, which they could have taken. There should be some form of pre-set processes that should be enable the company in order to notify their customers of the breach on their data.

Violation of Government Policies – The response from the Government side in regards to the Equifax data breach was ambiguous. These Governments have a high level of expertise in dealing with the issues related to capabilities related to situations based on emergency response systems. Though the organizations are mostly held responsible for the breach of data, there should be a proper assistance from the Government to secure the IT systems within the organization (De Pauw & Vermeersch, 2017).

Roles and Responsibilities - Mini Security Policy

In the wake of the Equifax data breach, it could be discussed that data breach within any organization is a high matter of concern, both for the customers as well as the organization. Proper form of encryption standards should be set within the organization. There should also be a proper mechanism of privacy, which is also an important value.

Information and Assistance

Based on the discussion, there should also be clear set rules within an organization and governments based on the notification of incidents. As companies promise to provide high level of security within their systems, hence they should develop proper form of real-time notification systems, which would be able to provide guidance to their customers. The government should also provide assistance to organizations in dealing with the aspect of security measures (Berghel, 2017).

Conclusion

Based on the above discussion, it could be concluded that the Equifax systems should have taken proper measures in order to protect the incident of data breach. Proper form of technical expertise should be taken in order to ensure a proper and secure environment.

Reference

Berghel, H. (2017). Equifax and the Latest Round of Identity Theft Roulette. Computer, (12), 72-76.

De Pauw, E., & Vermeersch, H. (2017). The acceptance of new security oriented technologies: a ‘framing’experiment. In Surveillance, Privacy and Security (pp. 52-70). Routledge.

Gressin, S. (2017). The Equifax data breach: What to do. Federal Trade Commission, Washington, DC.

Solomon, M. G. (2016). Fundamentals of information systems security. Jones & Bartlett Publishers.