What is being used for the first time this year? 

What is the occasion the couple is celebrating? 

Run-Like-A-Rabbit, a company whose mission is to ensure that all of its customers get at least 120 minutes of exercise per week, starts a marketing campaign to promote its new app which has a $7.99 monthly subscription. The campaign involves employees of Run-Like-A-Rabbit calling prospective customers around the country. Run-Like-A-Rabbit’s Advertising Manager asks you, as the Privacy Officer, to review the campaign to double check that you believe Run-Like-A-Rabbit would be complying with the requirements of U.S. law. Which of the following parts of the campaign would you approve?

Sean Senzeni is a 2023 graduate of Georgia Tech who recently started a job at Tiger Security in Austin, Texas. Sean received an employee manual on the first day of work at the cybersecurity support center, which is unionized. Being a detail-oriented Georgia Tech graduate, Sean reads the entire manual. The manual is explicit that the company will monitor all emails in a person’s official work account. Sean learns from the manual that the company promises not to read any emails accessed at work that originate in an account other than the official work account. Based on these statements in the manual, Sean regularly checks his personal email accounts at work. After a month with Tiger Security, Sean realizes that the company is failing to pay its workers overtime as required by federal law. After this discovery, the topics of Sean’s personal emails change from general updates to complaints about working conditions at Tiger Security. After two months of working for Tiger Security, Sean is fired. Sean believes that his personal emails led to his termination. If Sean is correct, does Sean have a strong case that he should not have been fired?

Most state data breach notification laws require affected companies to notify national CRAs of a qualifying incident “without unreasonable delay.” Which state requires companies to report to these CRAs within 48 hours – making this state reporting requirement the shortest of any state?

New Jersey’s new state comprehensive privacy law lacks a private right of action that would allow individuals to sue for violations of their consumer rights under the law. Which of the state comprehensive privacy laws studied in this class adopts a similar approach on this topic?

Human Herd is a company based in Newark, New Jersey, that sequences individual’s DNA for a fee of $99.99.  Michael Meier, the CEO of the company, hopes to find a way to assist with cancer research after his father is diagnosed with brain cancer. Michael instructs his research committee to scrape publicly available resources looking for the names of people diagnosed with brain cancer in Portugal and Germany. Michael plans to attempt to link these names to their relatives in the Human Herd database to help determine if genetics plays a part in those who contract brain cancer. Michael intends to sell the results of the search on Human Herd. One of the members of the research committee has taken this privacy class. Which of these is the most important concern this privacy student might raise?

Helen Herath, a 16-year-old college student at Georgia Tech, has developed a habit of partying since graduating from high school. After mid-term exams at Georgia Tech, Helen realizes that she has failing grades in several classes. Although Helen lives at home and is still a dependent on her parent’s tax return, Helen does not think it would be wise to tell her parents about her grades. Based on Helen’s behavior, her parents are concerned about her grades at Georgia Tech. Helen’s parents know that you have taken a privacy class.  Helen’s parents ask if you think it is likely they can get access to Helen’s grades. What is your response?

Proactive Protection, a prominent threat analysis group, notified affiliated companies that it had identified an approach used for nation-state attacks. The hackers set up a cybersecurity blog in an attempt to build credibility with potential targets. In the blog, the hackers focused on vulnerabilities that were actually already public.  The hackers then created a series of social media accounts linked to the blog. The hackers, posing as the authors of the blog, reached out to security researchers, asking them to collaborate on their work. When the security researchers responded, the hackers sent these researchers Visual Studio Projects software containing malware, which infect the researchers’ computers. This type of threat to online privacy is known as:

Bearing Up, a tech company providing online streaming video services, has experienced a dramatic increase in traffic on its website since its launch in 2020. The company receives numerous requests from law enforcement officers in different states in the U.S. to view customers’ video streams as they are occurring. The law enforcement requests are not asking for records of customers that are stored. Bearing Up’s privacy officer advocates for hiring an attorney to assist with responding to these requests. The Chief Compliance Officer decides to: