PLEASE READ AND ANSWER QUESTIONS

Global View: International Privacy Laws

Today’s online world, including the increasing use of the cloud to store data on remote third-party servers, offers unprecedented opportunities for the global storage and transfer of personal information. To address the risks associated with the unregulated exchange of personal information, many jurisdictions around the world have enacted privacy laws, regulations, and rules dealing with data collection, processing, storage, disclosure, and use. Although definitions of the term privacy vary, common elements include freedom or protection of individuals and sometimes groups from unauthorized or unwanted intrusion into, or observation of, their personal information and from violation of the integrity of this information.

The type of protection, as well as the speed, level of completeness, and depth of regulation and implementation, varies from country to country. Increasingly, countries have addressed the cross-border transfer of personal information and taken steps to prevent the circumvention of existing national laws governing the storage, processing, and disclosure of information through the “off-shoring” of these activities. Accordingly, when multinational companies do business outside their home country, including offering products or services on the Internet, and collect personal information from residents of a foreign country, they are likely to fall under the privacy laws and regulations in that country.

The following is a brief overview of privacy laws and regulations in several key jurisdictions.

European Union

The European Union (EU) Data Protection Directive (Directive 95/46/EC), adopted in 1995, requires its Member States to safeguard the privacy of personal data by

(1)

giving notice to individuals about how their information will be used;

(2)

offering a choice when disclosing information to third parties (with opt-in consent required for sensitive information);

(3)

maintaining the security of personal information;

(4)

ensuring that the data are reliable, accurate, and current; and

(5)

giving individuals access to examine, correct, and delete information about themselves.

Because each EU Member State had to incorporate the provisions of the Data Protection Directive into national law for them to be binding, there is some variation in the privacy laws among the states.

The EU adopted the General Data Protection Regulation (GDPR) in 2016. It will enter into full force across all Member States on May 25, 2018. The GDPR will replace Directive 95/46/EC and affect organizations based within the EU, as well as foreign organizations doing business there. Although the GDPR is intended to make it easier for multinational entities operating across the EU to comply with data protection law, certain aspects of the regulation permit Member States to enact their own legislation, so inconsistencies in application may exist.

An important principle of both the Data Protection Directive and the GDPR is that personal information generally should not be collected unless the collection is

(1)

proportional (meaning adequate and not excessive relative to its purpose),

(2)

transparent (meaning that the affected individual must be informed as to the circumstances of the collection and consent to it), and

(3)

for a legitimate purpose.

The GDPR will make it easier for individuals to access and control their own data, including information on how their data are processed; make it easier to transfer personal data between service providers; clarify the “right to be forgotten,” which allows an individual to require that certain personal data be deleted (the subject of the “Inside Story” in Chapter 24); and, under certain circumstances, require notification when data have been hacked (e.g., if the breach is likely to result in a “high risk” to the data subject). Additionally, a data subject’s consent to process personal data must be “as easy to withdraw as to give.” In the case of “sensitive data,” consent must be explicit.

By modernizing and unifying the rules, cutting red tape, and reinforcing consumer trust, the GDPR will help businesses reap the benefits of the “Digital Single Market.” The legislation will create a “one-stop-shop” so that businesses can deal with only one privacy supervisory authority, making it less costly to do business in the EU; require companies based abroad to apply the same rules as EU-based firms when offering services inside the EU; provide for a “risk-based approach” to incorporating the rules; and require firms to build in data protection safeguards when developing products and services in the beginning stages of development (so-called data protection by design).

The GDPR broadened the definition of personal and sensitive data to include political opinions, religious and philosophical beliefs, health and sex life, and genetic and biometric data. The regulation applies both to data controllers (the entities determining how and why personal data are processed) in the EU and to data processors (the entities that process the personal data on behalf of data controllers) in the EU. The GDPR also applies to controllers and processors outside of the EU whose processing activities involve offering goods or services to EU data subjects or monitoring these subjects’ behavior within the EU.Penalties for breaching the GDPR can be significant.

Unlike the Data Protection Directive, the GDPR does not require a company that processes personal information (“personal data”) to register or notify data protection supervisory authorities before it starts collecting personal information. Instead, data controllers are required to maintain appropriate records to evidence compliance with the GDPR. Personal information may be transferred into third countries (countries outside the EU) only if the third country provides an adequate level of protection for the information.

Although the United States is not regarded as providing adequate protection, the EU and the United States adopted the EU-U.S. Privacy Shield in 2016 to permit the transfer of personal information from any EU member state to the United States under certain circumstances. The EU-U.S. Privacy Shield requires U.S. companies to ensure that individuals’ digital information, “from social media posts and search queries to information about workers’ pensions and payroll,” is not misused. Companies must adhere to seven principles: notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement, and liability, all as determined by self-assessment or assessment of a third party, with recertification required each year. The rules apply to all companies regardless of whether they are social media platforms, pharmaceutical companies, or industrial conglomerates subject to the jurisdiction of the FTC or the U.S Department of Transportation. In addition, the agreement requires the United States to provide an annual guarantee that its intelligence agencies will not have “indiscriminate access” to Europeans’ digital data when these data are sent to the United States. The agreement enables about $260 billion of trade in digital services, with nearly 2,000 companies (including Facebook, Google, and Microsoft) relying on the EU-U.S. Privacy Shield to store data about EU citizens on U.S. servers. A separate Swiss-U.S. Privacy Shield became effective in April 2017 and covers data transfers from Switzerland.

In January 2017, the European Commission proposed a revision to the ePrivacy Directive that aims to reinforce the right to privacy and control of data for European citizens. (Directive 2002/58/EC, referred to as the ePrivacy Directive, protects the privacy of communications over public electronic networks.) The revision would require messaging, email, and voice service providers to guarantee the “confidentiality of conversations and metadata around the time, place and other factors of those conversations.” The rules would prohibit service providers, such as Facebook Messenger, Google, WhatsApp, Skype, and others, from listening to, tapping, intercepting, scanning, or storing communications without users’ consent (except for certain “critical” functions); require “explicit consent” before data could be used for advertising; and eliminate consent requirements for cookies that do not affect privacy (“privacy intrusive” cookies would still require consent). As with the GDPR, the fines for noncompliance would be significant. The proposed rule was designed to close the “perceived regulation gap between traditional telecom[] companies and predominantly US-based internet communications companies” and to also allow telecom companies to use certain metadata—for example, the length and location of calls—to provide more services and earn more revenue. Although one EU regulator asserted that the proposed regulation is balanced because it gives consumers a high level of protection while also permitting businesses to innovate, others have stated that the EU is “on the verge of a regulation overload,” as this proposal follows shortly after the adoption of the GDPR.Further, an industry spokesperson representing Google and other companies argued that the proposed revision risks “incoherence and confusion” because the GDPR requires one approach to safeguarding privacy and ePrivacy calls for another approach.

Exercise:

Read Global View article on international privacy laws [pages 247-249 of textbook.]

Note especially the European Union General Data Protection Regulation [GDPR] which entered into force on May 25, 2018. Note that the EU approach to data privacy is that the data is a digital asset of the owner and that organizations seeking to use your data must secure your affirmative consent and that the consent needs to be proportionate, transparent and for a legitimate purpose, including the right to be forgotten. The regulation applies to organizations outside the EU to the extent that they handle the data of EU nationals.

You are the Chief Privacy Officer of Facebook. Facebook accumulates and analyzes the data of persons accessing its service [even if open on your computer when doing other activities.] Facebook then sells advertising to third parties based on the data. Facebook currently considers your accession to their service as consent for the collection and use of your data. Facebook currently benefits from increased use. This is called a network effect. 'Network effect' is a phenomenon whereby a product or service gains additional value as more people use it.

Write a one [1] paragraph response in Word format and post to the Course Discussion Board:

If data is a digital asset owned by the individual, do individuals in the EU have the right to charge Facebook for each use of the individual's data? If so, what impact will this have on the market value of Facebook's stock

Pratt is ready to graduate and leave College Park. His future employer (Ferndale Corp.) offers the following four compensation packages from which Pratt may choose. Pratt will start working for Ferndale on January 1, year 1.

Assume that the restricted stock is 1,000 shares that trade at $5 per share on the grant date (January 1, year 1) and are expected to be worth $10 per share on the vesting date at the end of year 1 and that no 83(b) election is made. Assume that the NQOs (100 options that each allow the employee to purchase 10 shares at $5 exercise price). The stock trades at $5 per share on the grant date (January 1, year 1) and is expected to be worth $10 per share on the vesting date at the end of year 1 and that the options are exercised and sold at the end of the year. Also assume that Pratt spends on average $3,000 on health-related costs that would be covered by insurance if he has coverage. Assume that Pratt's marginal tax rate is 35 percent. Assume that Pratt spends $3,000 in after-tax dollars for health expenses when he doesn't have health insurance coverage (treat this as an outflow), and that there is no effect when he has health insurance coverage. (Ignore FICA taxes and the time value of money considerations).

Required:

1. What is the after-tax value of each compensation package for year 1?
2. If Pratt’s sole consideration is maximizing after-tax value for year 1, which scheme should he select?

In an amusement park ride called The Roundup, passengers stand inside a 19.0 m -diameter rotating ring. After the ring has acquired sufficient speed, it tilts into a vertical plane

a)Suppose the ring rotates once every 4.50 s . If a rider's mass is 55.0 kg , with how much force does the ring push on her at the top of the ride?

b)Suppose the ring rotates once every 4.50 s . If a rider's mass is 55.0 kg , with how much force does the ring push on her at the bottom of the ride?

c)What is the longest rotation period of the wheel that will prevent the riders from falling off at the top?

Mercer Corporation acquired $400,000 of Park Company’s bonds on June 30, 2018, for $409,991.12. The bonds carry a 12% stated interest rate and pay interest semiannually on June 30 and December 31. The appropriate market interest rate is 11%, and the bonds are due June 30, 2021.

Required:

Tempe Office Services and Supplies (TOSS) provides various products and services in the Tempe Research Park, home to numerous high-tech and bio-tech companies. Making color copies is one of its most popular and profitable services. The controller performed a regression analysis of data from the Color Copy Department with the following results:

The regression output was based on the following data:

Required:

1. What is the variable cost per color copy for TOSS?

2. What is the fixed cost for the Color Copy Department?

3. Based on the regression output obtained by the controller, what cost formula should be used to estimate future total costs for the Color Copy Department? Enter answer as an equation in the form of y = a + bx.

5-a. Use the high-low method to estimate the variable and fixed costs for the Color Copy Department.

5-b. What cost formula should be used based on your analysis? Enter answer as an equation in the form of y = a + bx.

6. If 21,300 copies are made during January, what is the total cost predicted by each method?

I was walking my dog Baroness in the park yesterday. She’s really sweet and I wanted to get a picture of her – a really detailed picture of her – so I set the shutter speed to 1/250th of a second. I noticed that an f/stop setting of 2.8 gave me a really nice picture of her - that is to say, the exposure (the amount of light) was really good. BUT I noticed that the tree behind her and the pond weren’t in focus and I really wanted to see all of it. So I decided change the settings so that Bear and the scenery were in focus. What settings should I change on my camera?

-. And in what direction?

. Later we were tossing football in a big grassy area. She’s a great receiver – Air Bud has nothing on her. I told her to “go long” up the sideline and she took off running. I was thinking about how to get a good picture of her when she was moving so fast. As she ran back past me I set my shutter speed to 1/1000th of a second in order to get a good shot of her. What should I set my f/stop setting to in order to have the same total exposure? (original settings are in bold)

f-stop     1, 1.4, 2, 2.8, 4, 5.6, 8, 11, 16, 22, 32

shutter    1/15, 1/30, 1/60, 1/125, 1/250, 1/500, 1/1000

Alternative Inventory Methods

Park Company's perpetual inventory records indicate the following transactions in the month of June:

Units Cost/Unit
Inventory, June 1 200 $3.20
Purchases:
      June 3 200 3.50
      June 17 250 3.60
      June 24 300 3.65
Sales:
      June 6 300
      June 21 200
      June 27 150

Required:

1. Compute the cost of goods sold for June and the inventory at the end of June using each of the following cost flow assumptions: If required, round your answers to the nearest dollar.

FIFO

Cost of Goods Sold $ _____________
Ending Inventory $ ______________

LIFO (Round your intermediate calculations and final answers to the nearest cent.)

Cost of Goods Sold $ ___________
Ending Inventory $ _____________

Average cost (In your computations, round new per unit costs to the nearest cent. Round your intermediate computations and final answers to the nearest dollar.)

Cost of Goods Sold $ ___________
Ending Inventory $ ____________

Mercer Corporation acquired $400,000 of Park Company’s bonds on June 30, 2018, for $409,991.12. The bonds carry a 12% stated interest rate and pay interest semiannually on June 30 and December 31. The appropriate market interest rate is 11%, and the bonds are due June 30, 2021.

Required: 1. Prepare an investment interest income and premium amortization schedule, using the:

a. straight-line method

b. effective interest method

2. Prepare journal entries to record the December 31, 2018, and December 31, 2020, interest receipts using both methods.