Question

In the fall of 2016 Yahoo disclosed several major security breaches involving more than 1.5 billion user accounts. The results of these disclosures delayed the purchase by Verizon and reduced the Yahoo purchase price by at least $300 million. In June 2017 Yahoo shareholders agreed to the final sale to Verizon, nearly a year after the purchase was announced. What responsibility do firms have for the protection of customer data provided in the operation of their firm? Should Verizon have backed out of the deal with Yahoo given the scale and duration of the security issues brought to light in the fall of 2016?

Solutions

Expert Solution

ANSWER-

The regulatory environment for brand owners and retailers that do business online is getting stricter thanks to changes going into effect during the next couple of years in the European Union (EU), as well as existing regulations in the U.S. Companies that adapt quickly can turn these changes into a competitive advantage. Several specific changes that apply to online business are close at hand as a result, including data portability requirements, “right to erasure” provisions, and a rapidly-evolving patchwork of regulation that changes from country-to-country across the globe and from state-to-state within the U.S.

As we grapple worldwide with the implications of the incredible amount of personal data generated every day, consumers are pressuring brands and legislators alike for more control over their information. This only becomes more complicated as more and more businesses pivot towards subscription models, where customer-brand relationships are longer-term and more fluid, and involve more uses of personal data and consumer behavior information. Neglecting the privacy desires of these consumers puts brands at risk of everything from fines and penalties to a loss of trust with their customers, which in the most extreme of cases could lead to being put out of business. Here are compliance obligations for which organizations should start preparing.

Businesses can protect customer data:

1. Ensure you have effective endpoint, network and email protection that filters out spam, malware and dangerous file types.

2. Train employees to be suspicious of emails, especially those that contain attachments, and to report any unusual emails or attachment behaviour to IT.

3. Consider a patch assessment tool to ensure your operating system and applications are up to date with the latest security fixes. Most exploit kits see success due to exploits in software for which a patch is already available and just has not been deployed.

4. Install endpoint protection software and/or a secure web gateway that can identify and block exploit kits before they infect your systems.

5. Crooks want to capture more than just one user’s password and confidential files – they want access to your back-end databases, your PoS network and your testing network. Consider segregating your networks with next-generation firewalls that treat your internal departments as potentially hostile to each other, rather than having one big “inside” fenced off from the even bigger “outside”.

6. Put in place a device control strategy to identify and control the use of removable storage devices – not only does this prevent bad stuff getting in, with data loss prevention (DLP), but it can also help stop personally identifiable information (PII) and intellectual property (IP) data from going out.

7. Implement full disk protection and encrypt sensitive data stored on servers or removable media for sharing with business partners.

8. Use application control to keep track of, and restrict, unnecessary software that reduces security without adding any needed benefit.

9. Implement a data protection policy which guides employees on how to keep personal data secure.

10. If you move to the cloud, make sure that the ability to encrypt the data – both in the cloud and also when being transferred – is on your core requirements list.

Consumer desire for control

In 2016, the EU parliament approved a new regulation bolstering data protection measures for individuals in the EU. The General Data Protection Regulation (GDPR) is intended to give individuals greater control over their personal data and simplify the regulatory environment for brands operating online by providing uniformity across the EU. Though this regulation will likely not be enforced until 2018, and there is looming uncertainty for how the recent events of Brexit will impact regulations for the United Kingdom, it is not too early for brands that do business in the EU to start preparing.

The ripples caused by this legislation will reach every corner of the global retail market. Part of the regulation calls for data portability, allowing an individual to request transfer of personal data from one processing system to another in a commonly-used format. Non-compliance with certain articles contained within the GDPR can result in fines of 20 million euros, or 4 percent of total global revenue, whichever is greater.

