Christopher Richmond
BSA 310
Jack Davis
A LEGAL EXAMINATION OF A PROPOSAL
o Historically, Kudler Fine Foods has tracked information such as dollar value and
profit margin per transaction, dollar sales and profit levels by day, and dollar
sales and profit margins by item. However, in an effort to leverage the
information to create a more intimate relationship with their customers, the
firm is integrating a system to track customer purchase behavior over time.
The firm is in the process of developing this system now.
POINTS
o Data
Customer Purchases
Information Sharing
Data Selling
NTN
Customer Name
Address
Purchase History
Legal
Privacy
Information Security
State Law
Federal Law
o HIPAA
o Sarbanes-Oxley
Data forms
How it is secured
Ethical
Intrusiveness
Alienating
Information Security
Liability concerns
Identity Theft
Cost
Introduction
The road to hell is paved with good intentions. This is an important philosophy to
keep in mind when examining a project's goals and structure. For a business
to remain competitive, it must adapt to meet the needs and expectations of its
customers. A business must, however, conduct itself in accordance with the legal and
moral behavior expected of it. Failing to do so can result in lost sales, fines, and in some
cases jail time. Customers and regulators are not likely to be concerned with intent if a
system, and subsequently the information stored on it, is compromised. To
help Kudler Fine Foods implement a successful customer rewards program, this
document will explain the various legal, ethical, and security concerns that must be
addressed.
The program that Kudler Fine Foods is working to implement will collect
customer shopping data and use it to track behavior and to reward customers
through a 3rd party reward program that will give customers high-value incentives. A
program of this type requires a variety of systems working together, such as registers,
central databases for storing customer personal information and activity, and software
that is capable of adding records, removing records, editing records, and evaluating the
Information Security (Discuss what Data is, Hackers, Business Opponents Law)
*Example!
A business will generally not be hailed for not selling a customer's data, or for having
the fewest security breaches. It does, however, bear all the responsibility for any fallout
from a breach.
implement an information security policy. Simply stated, the goals of the security
program are to deter, detect, and defend. Data kept by the business must be kept
secure. The goals of information security are to ensure that data is accessible by those
who need it, when they need it, and to prevent unauthorized individuals from accessing
this information.
What is Data
o Three Ds
Why
o Legal dangers
State Law
Federal Laws
Spam laws
Opt-out?
o Ethical problems
Sharing data
Loss of business
o Hackers
o Business Opponents
o Identity Thieves
o Delete
o Distort
o Steal
How to protect it
o Passwords
o Authorizations
o Encryption
o Written agreements
employees
Data Considerations
Information for this system will go through a process; each step should be
examined and verified to ensure proper security procedures are being followed. The
Gathering
Transmittal
Storing
Editing
Auditing
Redemption
Input
How is the data collected? Application is filled out by the customer, and then the
information is input by the store associate. Applicant enrolls directly into a kiosk or
similar input system. Information is gathered verbally from a customer by the employee.
What assurances will be made to the customer to indicate their data will not be sold or
Transmittal
How information is transferred between systems, and the state of the information
in transit, is an important aspect of data security. Will the information be transferred over intranets
only, or over the internet? Will the local networks be hard-wired or use wireless technology?
Is the information encrypted before it is transmitted, and if so, what techniques will be used?
Storage
What type of database will house the information? SQL or Access? How is
Edit
Who can modify the database? Who can see it? What information is displayed in
Auditing
What type of reports will be run to validate the information? What kind of logs will be
kept to track access to the site to look out for abuse and comply with legal inquiries?
What type of thresholds might be set to warn administration about unusual activity?
Third Party
What 3rd parties will have access to the database and in what format? The third
party reward point company? The customer via an internet connection to check on
rewards?
Future Considerations
Add Records
Modify Records
Remove Records
o Example
Ethical
Information Security
Conclusion
business to protect itself by developing and implementing a strong and responsible plan
to protect the data it stores. Assessing these security concerns described will ensure the
eliminate all risk involved these steps will eliminate a great deal of the risk.