ITM100 CHAPTER 4 QUIZ

Questions and Answers

What was the unethical practice committed by Volkswagen AG?

• Manipulating submissions for the LIBOR benchmark interest rates
• Forcing auto loan customers to purchase unneeded insurance
• Manipulating emissions software to meet regulatory standards during testing (correct)
• Covering up faulty airbags used in millions of cars

What led to criminal charges against six ranking VW executives?

• Covering up faulty airbags used in millions of cars
• Opening millions of false accounts
• Manipulating emissions software to meet regulatory standards during testing (correct)
• Manipulating submissions for the LIBOR benchmark interest rates

What led to Takata Corporation filing for bankruptcy in June 2017?

• Opening millions of false accounts
• Manipulating submissions for the LIBOR benchmark interest rates
• Covering up faulty airbags used in millions of cars over many years (correct)
• Manipulating emissions software to meet regulatory standards during testing

What unethical practice was admitted by Wells Fargo bank?

Opening millions of false accounts (C)

What are the major ethical issues in information systems discussed in the chapter?

Accountability, system quality, and preservation of values and institutions (C)

What has given new urgency to ethical issues in information systems?

The rise of the internet and digital technologies (D)

Which technological trend has heightened ethical concerns in information systems?

Declining data storage costs (D)

What has enabled the proliferation of detailed databases on individuals?

The rapid decline in data storage costs (D)

What has exponentially reduced the cost of data movement?

Networking advances (D)

What has led to concerns about individual cell phone tracking without user consent?

Mobile device growth (C)

What has facilitated the invasion of privacy by enabling firms to identify customers using enormous data storage systems?

Advances in information technology (C)

What ethical dimensions are raised by information systems according to the chapter?

Information rights, property rights, and system quality (B)

What are the key ethical issues related to e-commerce and the internet according to the chapter?

Customer information use, personal privacy, and intellectual property protection (C)

What are the ethical dimensions of actions based on information systems, according to the chapter?

Focusing on principles of right and wrong and their impact on societal values and power distributions (D)

How are ethical, social, and political issues related according to the chapter?

Closely linked, with ethical dilemmas reflected in social and political debates (C)

What has raised concerns about privacy invasion, data storage, and individual tracking according to the chapter?

Advances in information technology (D)

What raises ethical concerns about accessing highly detailed personal information about individuals?

Advances in data analysis techniques for large pools of data (A)

What do companies use to assemble and combine myriad pieces of personal information?

Contemporary data management tools (C)

What generates digital information about individuals?

Credit card purchases, telephone calls, government records, and website visits (B)

What do companies do to finely target their marketing campaigns?

Purchase personal information (B)

What does profiling involve?

Using computers to combine data from multiple sources and create digital dossiers of detailed information on individuals (D)

What does the Google Marketing Platform do?

Tracks online activities to create detailed profiles of visitors for targeted web ads (D)

What can advertisers do with online consumer information?

Combine it with offline information, such as credit card purchases at stores (B)

What do ethical, social, and political issues always reference?

Higher values (B)

What is crucial in ethical decision making?

Identifying options that satisfy the interests involved and considering potential consequences (A)

What are some ethical principles with deep roots in many cultures?

The Golden Rule, Immanuel Kant’s categorical imperative, the utilitarian principle, and the risk aversion principle (C)

What is essential in making ethical decisions?

Considering ethical principles and higher-order values (C)

Which amendment in the United States primarily protects the claim to privacy?

First Amendment (D)

What is the most important U.S. privacy law that regulates the federal government’s collection, use, and disclosure of information?

The Privacy Act of 1974 (D)

Which of the following principles is NOT included in the FTC’s Fair Information Practices (FIP)?

Transparency (C)

What is the basis of American and European privacy law?

Fair Information Practices (FIP) (A)

Which organization has restated and extended the original FIP to provide guidelines for protecting online privacy?

Federal Trade Commission (FTC) (B)

What percent of Americans feel that consumers have lost control of their personal information online?

91 percent (A)

Which act safeguards the maintenance and transmission of health information about individuals in the U.S.?

Health Insurance Portability and Accountability Act (D)

What is the primary basis of privacy protection in the United States, Canadian, and German constitutions?

The claim of individuals to be left alone and free from surveillance or interference (B)

What is the primary focus of the Federal Trade Commission's (FTC) privacy policies?

Protecting online privacy (A)

Which area is NOT addressed by the FTC's extended privacy policies?

Social media regulation (B)

Which statement about U.S. federal privacy laws is true?

They apply primarily to the federal government and regulate very few areas of the private sector (C)

How do information technology and systems threaten individual claims to privacy?

By making the invasion of privacy cheap, profitable, and effective (A)

What is the main objective of the GDPR?

To strengthen the rights of citizens to their personal information (D)

What is the maximum fine an organization can face for abusing PII under the GDPR?

$20 million or 4% of the organization’s global revenue, whichever is greater (D)

What type of data is protected by the GDPR?

Basic identity information, web data, health and genetic data, and more (B)

What is a requirement for organizations under the GDPR?

Having a data protection officer (A)

How are privacy laws enforced in the United States compared to the EU?

Privacy laws in the United States are piecemeal and enforced sector by sector; in the EU, data protection laws are comprehensive and apply to all organizations (C)

What is a requirement for organizations under the GDPR?

Requiring explicit consent before collecting data (C)

How does the GDPR address organizations operating in the EU or processing data of EU citizens?

By enforcing conditions worldwide for such organizations (D)

What is the role of data protection agencies in the EU?

Enforcing data protection laws in each country (C)

What is the primary focus of the GDPR in relation to individual rights?

Protecting the rights of citizens to their personal information (C)

How does the GDPR address privacy concerns related to ad-based web businesses?

By aiming to address privacy concerns related to ad-based web businesses like Facebook, Google, and Twitter (C)

What is the scope of the GDPR in terms of the data it protects?

It protects a wide variety of PII, including basic identity information, web data, health and genetic data, and more (D)

Flashcards

What is GDPR?

The EU General Data Protection Regulation (GDPR) was implemented in 2018 to protect the personal information of EU citizens.

Who does the GDPR apply to?

The GDPR applies to all organizations that collect, store, or process personal data of EU citizens, regardless of their location.

What did the GDPR replace?

The GDPR replaced the older Data Protection Directive of 1998, providing a more comprehensive framework for data protection.

What does the GDPR protect?

The GDPR emphasizes protecting personally identifiable information (PII), such as names, addresses, email addresses, etc.

What are the objectives of the GDPR?

The GDPR's main aims are to strengthen EU citizen's rights over their personal information, harmonize data protection laws across EU nations, and enforce data protection standards globally.

What rights does the GDPR grant to individuals?

The GDPR requires organizations to allow individuals to access their personal information without charge, delete their data, and ensure data portability.

What are some organizational requirements under the GDPR?

Organizations under the GDPR are required to have a data protection officer, obtain explicit consent before collecting data, report data breaches, and take responsibility for data shared with partners.

What are the penalties for violating the GDPR?

Organizations that violate GDPR provisions face fines of up to €20 million or 4% of their global revenue, whichever is greater.

Does the GDPR apply to organizations outside the EU?

The GDPR applies to organizations that process data of EU citizens, even if those organizations are not located within the EU.

How does the EU enforce the GDPR with non-EU countries?

The EU enforces the GDPR with non-EU countries, like the US, through intergovernmental privacy shield agreements.

What issue is the GDPR trying to address?

The GDPR aims to address privacy concerns raised by ad-based web businesses, which have been criticized for collecting and using personal data without proper consent.

Is data protection a global concern?

Over 80 countries worldwide have enacted their own privacy laws, reflecting the growing global awareness of the importance of data protection.

How has the internet impacted privacy?

The internet has posed new challenges to individual privacy, with websites and advertising networks tracking browsing behavior across thousands of sites.

What is the core principle behind the GDPR?

The GDPR aims to provide EU citizens with greater control over their personal information, empowering them to make informed choices about how their data is used.

What is the role of consent in the GDPR?

The GDPR sets specific requirements for obtaining consent from individuals before processing their personal information.

What is data minimization under the GDPR?

The GDPR emphasizes the importance of data minimization, meaning that organizations should collect and process only the data necessary for their stated purposes.

What are security measures under the GDPR?

The GDPR requires organizations to implement appropriate technical and organizational measures to protect personal data from unauthorized access, use, or disclosure.

What is data portability under the GDPR?

The GDPR promotes the principle of data portability, allowing individuals to easily transfer their data from one service provider to another.

What is the obligation to report data breaches under the GDPR?

The GDPR requires organizations to notify individuals and relevant authorities about data breaches without undue delay.

What are the rights of individuals to complain under the GDPR?

The GDPR provides individuals with the right to file complaints against organizations that violate their data protection rights.

What is the right to be forgotten?

The right to be forgotten, also known as the right to erasure, allows individuals to request the deletion of their personal information under certain conditions.

What is the importance of data accuracy under the GDPR?

The GDPR requires organizations to take reasonable steps to ensure the accuracy and completeness of personal data they process.

What is the overall goal of the GDPR?

The GDPR seeks to create a more transparent and accountable ecosystem for the processing of personal information.

What is privacy by design?

The GDPR emphasizes the importance of privacy by design, meaning that data protection should be integrated from the initial stages of product development and service design.

What are data protection impact assessments?

The GDPR promotes the principle of data protection impact assessments, which require organizations to analyze the potential risks to individual privacy before implementing new data processing activities.

How does the GDPR ensure compliance?

The GDPR requires organizations to demonstrate compliance with its provisions, including maintaining records of data processing activities and being able to demonstrate compliance with legal obligations.

Is the GDPR static?

The GDPR is a constantly evolving framework, and organizations must stay updated on the latest developments and interpretations to ensure compliance.

Study Notes

EU General Data Protection Regulation (GDPR) Overview

• The EU General Data Protection Regulation (GDPR) was implemented by the European Commission in 2018, applying to all firms and organizations that collect, store, or process personal information of EU citizens.
• The GDPR is an updated framework for protecting personally identifiable information (PII) and replaces the earlier Data Protection Directive of 1998.
• In the United States, privacy laws are piecemeal and enforced sector by sector, while in the EU, data protection laws are comprehensive, applying to all organizations and enforced by data protection agencies in each country.
• The GDPR protects a wide variety of PII, including basic identity information, web data, health and genetic data, and more.
• The main objectives of the GDPR are to strengthen the rights of citizens to their personal information, harmonize conflicting data protection standards among EU nations, and enforce conditions worldwide for organizations operating in the EU or processing data of EU citizens.
• For individuals, the GDPR requires organizations to allow consumers to access their personal information without charge, delete personal data, ensure data portability, and guarantee the right to sue providers for damages or abuse of PII.
• Organizational requirements under the GDPR include having a data protection officer, requiring explicit consent before collecting data, reporting breaches, and liability for data shared with partners.
• Organizations that abuse PII can be fined up to $20 million or 4% of the organization’s global revenue, whichever is greater.
• The EU will enforce the GDPR requirements with non-EU countries, like the United States, using intergovernmental privacy shield agreements.
• The GDPR is aimed at addressing privacy concerns related to ad-based web businesses like Facebook, Google, and Twitter, which have been criticized for invading privacy and not protecting PII.
• Privacy laws have been enacted in over 80 nations around the world, each with its own privacy regulations and frameworks.
• Internet technology has posed new challenges for the protection of individual privacy, with websites and advertising networks capable of tracking personal browsing behavior across thousands of websites.

Description

Test your knowledge of the EU General Data Protection Regulation (GDPR) with this quiz covering its implementation, objectives, impact on organizations, and global enforcement. Learn about the requirements for both individuals and organizations under the GDPR.