Competencies

profilerz6794
Home>Homework Answsers>Information Systems homework help
Data Analytics

Please see attached details

  • 2 years ago
  • 40
Report issue
files (2)

DAT250ProjectTwoOrganizationalScenarios.pdf

DAT 250 Project Two: Organizational Scenarios Scenario A: AmityTech Solutions (CCPA and GDPR) AmityTech Solutions is a well-established technical management company based in North America, providing comprehensive data management services to businesses across various industries. AmityTech specializes in offering secure data solutions, robust server infrastructure management, and proactive cybersecurity measures for its clientele, which spans both the United States and Ireland. In addition to its core services, AmityTech aggregates anonymized data to create consumer profiles for targeted advertising. These profiles are strictly segregated from the company's regular data storage operations to maintain client confidentiality and ensure compliance with privacy regulations. Currently, AmityTech manages a database of approximately 300,000 individual consumer profiles.

Despite differentiating between its service offerings, AmityTech encountered a significant breach of client data due to lapses in compliance procedures. An internal audit revealed that scheduled compliance audits had not been completed for three consecutive nine-month cycles. A compliance auditor was also found to have falsified documents and violated security protocols by introducing personal storage devices (phones and external hard drives) into secured areas. This led to concerns about a data breach that could have impacted thousands of client accounts. The company must consider GDPR and CCPA, given where they operate their businesses. There are no required industry standards regarding how AmityTech should respond from a legal, ethical, or technical standpoint.

Upon discovering the errors and risk of a breach, the issue escalated to senior management, culminating in a direct meeting with the organization's owner. The owner and AmityTech’s senior leadership team ordered the development of a new security protocol to address the current incident and prevent future occurrences. The leadership also wants recommendations on whether public notice should be given about the breach and asked for advice in this area. Scenario B: MediGuard (HIPAA) MediGuard is a specialized healthcare data management company that partners with hospitals and healthcare facilities across the United States to provide secure data storage, electronic health record (EHR) management, and technical support services. With a strong emphasis on patient privacy security, MediGuard is responsible for compliance with the Health Insurance Portability and Accountability Act (HIPAA). One of MediGuard's primary responsibilities is to host and manage EHR systems for its hospitals, ensuring the availability, integrity, and confidentiality of patient records while adhering to HIPAA regulations. Additionally, MediGuard collects and stores a wide range of patient data, including medical histories, treatment plans, diagnostic test results, and billing information.

Despite stringent security protocols, a breach occurred due to lapses in compliance procedures within the hospital setting, raising concerns about potential HIPAA violations. An internal audit revealed that scheduled security assessments and data audits had not been conducted as per protocol, leaving vulnerabilities undiscovered for at least four months. The supervisor who realized this promptly escalated the issue to senior management at both MediGuard and the hospital administration. Recognizing the seriousness of the situation and the implications for HIPAA compliance, the CEO of MediGuard convened a meeting with hospital leadership to address the breach and mitigate its impact while ensuring current and future adherence to HIPAA regulations.

In response to the breach, MediGuard has been ordered to propose and administer a response for their hospital partner. They will need to highlight a new security protocol to maintain client trust and patient safety moving forward. The hospital leadership also wants recommendations on a communication strategy and whether public notice should be given to patients about the breach. They asked for advice in this area.

Scenario C: EduTech Innovation (FERPA) EduTech Innovation provides data management and technical support services to higher education institutions across the country. Partnering with the data management teams of universities and colleges, EduTech offers solutions tailored to the unique needs of academic environments, ensuring the security and integrity of student and faculty data while complying with the Family Educational Rights and Privacy Act (FERPA). One of EduTech's primary responsibilities is to develop and maintain the student information systems (SIS) for its partner institutions, which house student records, course enrollment data, academic transcripts, and financial aid information. EduTech also assists universities in managing personnel records, research data, and institutional analytics to support decision making and improve academic outcomes. Strict measures are in place to protect the privacy and confidentiality of student education records in accordance with FERPA guidelines.

Unfortunately, a breach occurred due to lapses in compliance procedures within a partner university, raising concerns about a breach and potential FERPA violations that could impact thousands of students. An internal audit revealed that scheduled security assessments and data audits had not been conducted, leaving vulnerabilities undiscovered for an extended period. Furthermore, an auditor was found to have falsified documents and violated security protocols by accessing sensitive student records and sharing them across the university without proper authorization.

Upon discovering this, the supervisor promptly escalated the issue to senior management at EduTech and the university's administration. Recognizing the seriousness of the situation and the implications for FERPA compliance, the CEO of EduTech convened a meeting with university leadership to address the breach and mitigate its impact while ensuring adherence to FERPA regulations. Since this has never happened to a client before, EduTech must propose steps to respond to the current concern with a specific focus on FERPA compliance. They must also make recommendations about how to prevent this from happening in the future. This will include determining whether a public disclosure is necessary and a communication plan that aligns with all the correct regulations.

  • DAT 250 Project Two: Organizational Scenarios
    • Scenario A: AmityTech Solutions (CCPA and GDPR)
    • Scenario B: MediGuard (HIPAA)
    • Scenario C: EduTech Innovation (FERPA)