Failure to conform to the required standard sensitive


Excerpt from CISSP All-in-One Exam Guide, 5th Ed. (Harris), ch. 10, pp. 877-878.

So what was improper about this activity and how would liability be determined? If and when this case went to court, the following items would be introduced and addressed:

• Legally recognized obligation
    • Medical Information, Inc., does not have policies and procedures in place to protect patient information.
    • The employer does not have the right to make this kind of call and is not able to use medical information against potential employees.
• Failure to conform to the required standard
    • Sensitive information was released to an unauthorized person by a Medical Information, Inc., employee.
    • The employer requested information it did not have a right to.
• Proximate causation and resulting injury or damage
    • The information provided by Medical Information, Inc., caused Don Hammy great embarrassment and prevented him from obtaining a specific job.
    • The employer made its decision based on information it did not have a right to inquire about in the first place. The employer’s illegal acquisition and review of Don’s private medical information caused it to not hire him.

The outcome was a long legal battle, but Don Hammy ended up successfully suing both companies, recovered from his brain tumor, bought an island, and has never had to work again.

Hacker Intrusion

A financial institution, Cheapo, Inc., buys the necessary middleware to enable it to offer online bank account transactions for its customers. It does not add any of the necessary security safeguards required for this type of transaction to take place over the Internet. Within the first two weeks, 22 customers have their checking and savings accounts hacked into, with a combined loss of $439,344.09.

What was improper about this activity and how would liability be determined? If and when this case went to court, the following items would be introduced and addressed:

• Legally recognized obligation
    • Cheapo, Inc., did not implement a firewall or...