I. Case Analysis
a) Analyze the case to determine the ethical issues within the organization that may have led to the incident. What are these issues and why do
you credit them for the incident?
b) Determine legal compliance issues within the organization that may have led to the incident or could lead to future incidents. Were there any
legal and ethical standards in existence at the time that were not followed by the organization? What were these issues and how did they impact
c) Determine the societal and cultural impact of these compliance issues. Some things to consider in your assessment include spe cific targeting of
demographic groups, victimization of certain customers, and so on.
II. Incident Impact
a) Determine the impact this incident may have had on the ethical and legal IT regulations of the time. If there were no direct results of this case,
what may have been the indirect impact and/or what was the impact of similar cases? For example, what regulatory changes resulted from this
or similar cases? What is your reasoning?
b) Determine the connection between the industry standards and the standards in existence for information technology. Specifically, determine if
the organization was lacking in either industry-specific or IT-specific alignment with regulations that may have contributed to the incident, and
provide support for your conclusions. For example, misalignment with HIPAA laws in healthcare is an industry-specific deviation from standards.
c) Cultural Impact: Analyze the influence this incident may have had on various cultural attitudes toward IT and cyber communication or
commerce. In other words, how could this incident impact views of information technology use?