San Jose State University Data and Security Breach Notification Law Questions
1. Were you successful in finding your state’s data and security breach notification law? Specify the
name of the law. If you were unable to download your state’s law, use the state of Virginia to
complete the question.
2. What is the purpose of state governments imposing a breach notification law on organizations to
protect their citizens?
3. Explain how state government data security breach notification laws relate to individual privacy.
4. Assess the scope and depth of privacy protection rights that a citizen has by being a resident of a
state. Write down the name of your state, and then identify the following for your state’s breach
the data is encrypted or not encrypted?
a breach has occurred? If yes, specify the time. If no, describe how your state handles this.
5. True or false: If you are a citizen in one state but the company that had a data and security breach
with your privacy data resides in another, the company must adhere to the data and security
breach notification law of your home state.
6. Because most states have data and security breach notification laws related to their citizens’
privacy, what is the number one reason for having these laws from a citizen protection
7. Some states define a data and security breach as the loss and exposure of citizen privacy data in
an unencrypted manner. If a state encountered a data and security breach, but no citizen’s privacy
data was compromised given that it was encrypted in a steady-state within a database, does the
company or organization have to abide by the data and security breach notification law?
8. True or false: Unauthorized access to a system must occur for the data and security breach
notification law to take precedence.
Each question word counts not more than 40 words.
Please check plagiarism
Grama, Joanna Lyn. Legal Issues in Information Security, 2nd ed. Burlington, MA: Jones & Bartlett Learning, 2015