Human Herd is a company based in Newark, New Jersey, that sequences individual’s DNA for a fee of $99.99.  Michael Meier, the CEO of the company, hopes to find a way to assist with cancer research after his father is diagnosed with brain cancer. Michael instructs his research committee to scrape publicly available resources looking for the names of people diagnosed with brain cancer in Portugal and Germany. Michael plans to attempt to link these names to their relatives in the Human Herd database to help determine if genetics plays a part in those who contract brain cancer. Michael intends to sell the results of the search on Human Herd. One of the members of the research committee has taken this privacy class. Which of these is the most important concern this privacy student might raise?

Helen Herath, a 16-year-old college student at Georgia Tech, has developed a habit of partying since graduating from high school. After mid-term exams at Georgia Tech, Helen realizes that she has failing grades in several classes. Although Helen lives at home and is still a dependent on her parent’s tax return, Helen does not think it would be wise to tell her parents about her grades. Based on Helen’s behavior, her parents are concerned about her grades at Georgia Tech. Helen’s parents know that you have taken a privacy class.  Helen’s parents ask if you think it is likely they can get access to Helen’s grades. What is your response?

Proactive Protection, a prominent threat analysis group, notified affiliated companies that it had identified an approach used for nation-state attacks. The hackers set up a cybersecurity blog in an attempt to build credibility with potential targets. In the blog, the hackers focused on vulnerabilities that were actually already public.  The hackers then created a series of social media accounts linked to the blog. The hackers, posing as the authors of the blog, reached out to security researchers, asking them to collaborate on their work. When the security researchers responded, the hackers sent these researchers Visual Studio Projects software containing malware, which infect the researchers’ computers. This type of threat to online privacy is known as:

Bearing Up, a tech company providing online streaming video services, has experienced a dramatic increase in traffic on its website since its launch in 2020. The company receives numerous requests from law enforcement officers in different states in the U.S. to view customers’ video streams as they are occurring. The law enforcement requests are not asking for records of customers that are stored. Bearing Up’s privacy officer advocates for hiring an attorney to assist with responding to these requests. The Chief Compliance Officer decides to:

EmployeeNow, a company with customers in all 50 states, provides services to both individuals seeking jobs and employers looking for new employees. EmployeeNow holds data found on job seekers’ resumes and collects information from the social media posts of job seekers registered with the company. Max Mueller, the CEO of EmployeeNow, knows that the company is subject to state data breach notification laws and is aware that the approach to privacy used by the company was developed around the definition of personal information in these laws. Max is concerned that the company could be subject to the new state comprehensive privacy laws and is not familiar with the definition of personal information in these laws. Max asks the company’s Chief Privacy Officer to review the company’s policies and procedures in light of the passage of the numerous state comprehensive privacy laws. Concerning the regulation of personal information in these two types of laws, the Chief Privacy Officer is likely to report back to Max that:

WatchMeNow – an online video streaming service – maintains customers’ names, addresses, email addresses, and preferences for types of videos. The Privacy Notice on WatchMeNow’s website states that the company utilizes the industry’s best practices to secure customers’ information. Despite this statement, WatchMeNow has no internal policies related to cybersecurity. WatchMeNow chose not to encrypt any of its customer data. In 2023, WatchMeNow suffered a data breach of all the information that it held on its customers, where hackers gained unauthorized access to customers’ information. WatchMeNow did not publicly acknowledge the breach, but instead kept the knowledge of the breach within the company. WatchMeNow is likely to have violated the following:

With the growth of cloud storage of records, including by web email and social network providers, evidence for a criminal case is more frequently held in a different country, a phenomenon that has been called “the globalization of criminal evidence.” Two recent mechanisms address the concerns of law enforcement accessing this electronic evidence.

Akira Wang is the Vice Provost of Research and Grants at Modern University in Austin, Texas. In January 2024, Akira travels to a conference in Washington, DC. During her travels, Akira uses a wi-fi connection at Comic Coffee Café, a local coffee shop. As a Comic Coffee Café customer, Akira is able to obtain the password to access Comic Coffee Café’s wi-fi.  Due to a technical issue with her laptop, Akira is unable to utilize Modern University’s virtual private network (VPN). While checking her university email on her laptop, Akira learns of a credit card payment that she needs to make during her trip. Fearing that this credit card payment will be late if she does not act, Akira makes the credit card payment online while using her laptop at Comic Coffee Café. Which of the following is a concern raised by Akira’s online activity?

Two Georgia Tech students are in the development stages for Steps of Knowledge – a U.S.-based company that uses artificial intelligence to analyze the walking gaits of individuals to determine the identity of these individuals. The videos used for this analysis are acquired from video cameras on urban streets. Although the company has yet to earn any annual gross revenues, Steps of Knowledge expects its primary clients will be major sporting events, such as Major League Baseball games, where the company will be contracted to identify known terrorists attempting to enter the venues. Each of these stadiums will have a seating capacity of at least 25,000 people. Due to legal concerns related to newly enacted state comprehensive privacy laws, Steps of Knowledge decides not to originally roll out the company in these states. Steps of Knowledge’s two founders have expressed concern over the possibility of a nation-state attack, where a foreign government would be seeking to steal the company’s patented technology. The company’s Chief Privacy Officer is concerned about whether the company will need to comply with state data breach notification laws if a nation-state attack occurs. In determining whether Steps of Knowledge’s data is subject to most state data breach notification laws, which potentially conflicting issues will the Chief Privacy Officer likely need to examine?

Delynn Minba is the president of Screen Stars, a film making company based in Savannah, Georgia. After a meeting of the company’s compliance team, Delynn received an email from Jonathan Sreeden, the company’s Chief Privacy Officer, informing Delynn about the details of the proposed state comprehensive privacy law in Georgia. The email from Jonathan included an attachment labeled as the full draft of the proposed state law. After Delynn clicked on the attachment, she was unable to read the attachment. Later in the day, Delynn walked down the hall to Jonathan’s office to ask him to re-send the attachment. Jonathan explained that he had not sent the email described by Delynn. Delynn then walked to the office of Suzanna Ivanovich, the Chief Security Officer for Screen Stars. Suzanna’s analysis of the situation is as follows: