If you will recall, your new employer, EZ Crypto, is an international company. Your first assignment was to summarize New York’s data privacy rules. Then your boss asked you to draft an Incident Response Plan incorporating both US and EU data privacy rules. Review the data privacy issues EZ Crypto faces:
- Scammers on the platform – fake profiles, impersonating users, social engineering scams
- Hacks – thefts of cryptocurrencies, including EZ Coin
- Data Protection – theft of personal information
- Regulatory Compliance – right to be forgotten vs. document retention requirements, and appointment of a data privacy officer (in Kenya, for example)
(Note that many of these risks are related, not isolated. For instance, scammers on the platform frequently attempt to invoke their GDPR-related right to delete all of their personal information when they suspect that the authorities are coming close to apprehending them.) Because of the spate of such incidents, EZ Crypto is under investigation by authorities in several jurisdictions with respect to the adequacy of its systems and procedures.
Directions: This week you will work on your Incident Response Plan. Now that you know more about Africa’s data privacy rules, update your IRP to include policies for a breach that impacts clients in Africa. Then submit your updated IRP.