Cyber Law Case Studies

Project Overview

The objective of this assessment is to study and critically analyze case studies (attached in this coversheet) based on the various issues that you have learned during this course: Ethical, Cyber Law, Intellectual Property and Organizational Code of Conduct. For this assessment, you must work in groups (2 – 3).

• You are required to read and analyze each case study and answer the questions in detail.
• Please answer the questions in the same document and submit the same document along with the cover sheet and rubric.
• There are some blank pages for you to answer the questions. If the blank pages are not enough, feel free to add more blank pages but leave the document structure as is.
• You may include any other information that you think is relevant and adds value to your case analysis. Therefore, in developing your analysis and arguments, you can also use supporting evidence other than the information contained in the case studies.

Report Format

• Information that you have taken from organization websites or other relevant information should be referenced accurately using the APA referencing system.
• Marks are awarded for the literary style, logical structure and accuracy of your grammar and spelling. Also, please be clear and to the point.
• For each case study the minimum word limit is 150 – 200 words that you will need to adhere to. The word limit excludes references or citations. You must include your word count at the end of the main text. Marks will also be deducted if you don’t follow the page limit.
• When submitting the file, rename the file using the following convention: StuNames_CSF3003_CaseStudy.docx. For Example AbullahMohammadObaid_CSF3003_CaseStudy.docx

Case 1 (LO1, 24 Marks):

A large multinational corporation wants to establish a telephone and email hotline for employees to report wrongdoing within the company. The company has offices in the UAE and wants to ensure that it avoids violations of UAE data protection laws. Discuss what steps can the company take to increase the likelihood that its hotline reporting system remains in compliance?

• Explain a minimum of 3 (any) appropriate use of telephone & email systems.
• Explain a minimum of 3 illegal uses of the system. Answers should be associated with UAE Cyber Law.

Answer:

Often, the firms are targeted in cyber-crimes, and this ruins the reputation of the company in a very bad way. Following are the three appropriate uses of the telephone and email system in the company:

• Telephones and emails can be utilized for urgent conveying of information related to their projects. Often, the company faces a situation where information about the projects needs to be passed on urgently; otherwise, the company might suffer from losses. In this case, telephones and emails are the best possible way to inform the people in the other branches.
• Emails are best to use when the marketing plans, strategic policies, and the new addition to the policies are to be informed to all the members of the organization or even to a limited number of people.
• There is a situation when the policies need to be discussed in person, but since the people from different branches cannot be available 24/7 in person, telephonic conversations are made (Neil, 2011).

The three illegal used by the company are as follows:

• In certain cases, the employees use telephones and emails of their company for getting indulge in crime. In this crime, the law holds countable for the situation.
• The use of telephones for fake calls is condemned by the UAE cyber-law. Some company employees have repeatedly used this technique.
• Employees having low performance and on the verge of being terminated from the company use telephones to defame the company, this is strictly prohibited by law.

Case Study 1 (24 Marks)

Case 2 (LO2, 24 Marks)

You are about to launch your online website that sells all kinds of antiques. Since information privacy is one the prominent issues concerning the online world today, you believe the presence of a privacy policy on your website is essential to protect customer information. You need to have a privacy policy if you are collecting some information about your visitors to protect yourself and to also let your visitors know about its potential use.

Based on the above scenario, write a privacy policy for your website, explain the site’s use of information and inform site visitors what they can expect when they give personal information to the site.

Hint: Your privacy policy is for your visitors, so it’s valuable to write it in a language that your average visitor can understand. Significantly, a policy document’s- main purpose is to decrease your own liability.

You should address at least six different items, such as:

• Describe what personal information is collected.
• Describe how the company will use this information.
• Describe how this information will be transferred to third-party companies.
• Provide instructions on how users can modify or delete their personal information.
• Provide instructions on how users can opt out of future communications.
• Finally, websites that collect sensitive personal information, such as bank details and credit card

Answer:

To manage the online orders made by customers for antiques, the personal information of the customer needs to be collected. The personal information includes phone numbers, alternative telephone numbers, addresses for the delivery of the antiques, and emails so that the customers can be informed about the upcoming and new arrivals in the collection; the choices of the customers can also be asked so that email updates are in accordance with them, the credentials of the accounts, tracking of the IP from which the queries are being entertained. All the personal information gathered from the customers will be used in the future for updating the clients to make other shopping experiences. As far as IPs are concerned, they will be helpful for keeping track of the order (Bilstad, Esq., 2018).

As far as the transfer of information to their parties is concerned, there is a specific part of the information which will be transferred. However, in case any additional information is to be transferred consent from the user will be taken. For the users to modify or delete their information there will always be an option for the users to edit their accounts. They can simply go to the edit tab of the website after signing in to their account and change the information. Every change will be notified so that the information remains safe with the company. Deletion of the accounts from the settings will make the users opt out of future communications. Information that is private is always secure with the company. For this, higher security at the backend working for the website has been used.

Case Study 2 (24 Marks)

Case 3 (LO3, 18 Marks):

A senior broker (Salem) had left a brokerage firm (Arabic) and was hired by a competing brokerage firm (Wasata). Shortly after that, Arabtic lost two clients who said they were moving to (Wasata); their personal data files disappeared mysteriously from the company’s database. Also, the yearly financial report that the senior broker (Salem) had been preparing for (Arabic) was released two weeks early by the third competing brokerage firm.

• As an information security consultant, what changes would you make to the (Arabic) existing security policy so that security is improved after employees are terminated? Explain (not list) at least (any) 6 actions. The answer should be associated with UAE cyber Law (3 marks each)

Answer:

Strict laws are applied to the employees who violate the privacy policy of the company. The company, according to the UAE cyber laws, holds the authority to terminate the employee in the working hours in case he is found to be stealing the company’s information or any other private information (Kenald, 2018). Similar kind of rules applies when the employees are found defaming their company’s n which they have previously worked or in the period of their current working as well. Following will be the six actions that will be taken to make the security policy of the firm work well:

• In this case, the company needs to have a higher level of encryption within the department of private information. Repeated checks and balances should be done in the department.
• Restricting the number of people in the place where the private information of the company lies
• Supervising the restricted people by a person who is unknown by the entire company except for the higher executive (Kenald, 2018)
• A clause should be added related to the termination due to defaming, which should mention what kind of loss the employee will be going through. The termination of the employee should lead to his banning from all other companies for a limited period of time.
• The signing of an agreement by the employee related to all the clauses of the UAE Cyber-law should be done at the start before offering the job.
• Adding higher security checks in the database of the company.

Case Study 3 (18 Marks)

Case 4 (LO4, 10 Points)

Online social networks have grown rapidly in recent years. Such sites are a common breeding ground for viruses and phishing attempts, where fraudsters attempt to obtain sensitive information by posing as legitimate sources.

• Based on this scenario list, what cyber threats to intellectual property that social network sites can pose? Give at least 5 examples (5 Points)
• How does computer technology threaten the privacy of the data of social network users? (2.5 points)
• Discuss other unauthorized use of intellectual property that may lead to legal liability. (2.5 points)

Answer:

Following are some of the cyber threats that can be posed by the social network to the intellectual property:

• The threat of spam is that there are many people who utilize the information of the common public in return for an attractive offer
• Creation of fake accounts
• The openness of getting attacked by social media hackers by sharing excessive personal information related to any person or yourself
• Running the application on social media without checking the credibility
• Putting vulnerable information on social media websites

Computer technology is the biggest threat to the privacy of the data lying on social media these days. The biggest threat is the art of hacking learned by many people. People in the name of ethical hacking are invading the privacy of so many people on social media accounts. No matter how much privacy is applied, there is still some loophole left by the social media platform developers, which makes the common public suffer. Other than hacking people’s blunt statements and signing in to unauthorized applications are some other computer technology threats.

Other unauthorized use of intellectual property may include the excessive of torrent applications. Torrent applications these days are becoming common, which has made violators use them for their purposes. Besides this, another term, hyperlinking, is not hidden from the people. Social media networking worms and the usage of cookies on certain websites for downloading content are the biggest threats to people.

Case Study 4 (10 Marks)

Case 5 (LO5, 24 Points)

You work for the Scientific Research University (SRU). SRU offers programs ranging from Bachelors to PhD programs. In this University, many professors are involved in various research projects; almost all of them are also associated with Intellectual Property (IP). You should also understand that many PhD Students work closely with their professors on various research projects, so they may also have access to various types of data. You are required to develop an IT Organizational Code of Conduct for a University. See PPT LO5 for IT workers and Users, Slide 25 and Slide 26 for various criteria.

Answer:

SRU needs to have some code of conduct within the premises of the university. It is generally observed that when the students learn different techniques in the field of IT they get indulged in illegal activities (GORDON, 2011). In this case, the geniuses are the first ones to be on the list. So, there lies a threat to the intellectual property of the university as well as to that of the professors. This intellectual property can be worth of dollar in the actual market. So this implies that the university follows a code of conduct that is implied to all the students. Following are the steps that need to be included in the code of conduct:

• If any of the students is found to be responsible for the missing data of the professor or any other management body of the university, he/ she should be given severe punishment along with termination from SRU and all other universities for a certain period of time.
• Access to the internet connection of the university should be given to the students by defining a criterion such as their roll numbers should be entered. The Wi-Fi for teachers and students should be kept different.
• Any student found guilty of breaking the rules of the code of conduct should be exposed to punishment and high penalties as well.
• Sharing of the research projects other than the professors who are concerned with the project should be strictly violated.
• Entering the room of the professor should not be allowed in the absence.

Case Study 5 (24 Marks)

References:

 O'Neil, M. (2011). Cybercrime Dilemma: Is it Possible to Guarantee Both Security and Privacy?. Brookings. Retrieved 18 March 2018, from https://www.brookings.edu/articles/cybercrime-dilemma-is-it-possible-to-guarantee-both-security-and-privacy/

Bilstad, Esq., B. (2018). E-Commerce: An Introduction, Consumer Privacy. Cyber.harvard.edu. Retrieved 18 March 2018, from https://cyber.harvard.edu/olds/ecommerce/privacytext.html

GORDON, P. (2011). Ten Steps For U.S. Multinational Employers Towards Compliance With Europe’s New Data Protection Framework – The General Data Protection Regulation | Littler Mendelson P.C.. Littler.com. Retrieved 18 March 2018, from https://www.littler.com/publication-press/publication/ten-steps-us-multinational-employers-towards-compliance-europe%E2%80%99s-new

 Networks, P. (2018). Top 10 social networking threats. Network World. Retrieved 18 March 2018, from https://www.networkworld.com/article/2213704/collaboration-social/top-10-social-networking-threats.html

 Kenald, E. (2018). Cyber Law: Everything You Need to Know. UpCounsel. Retrieved 18 March 2018, from https://www.upcounsel.com/cyber-law