DATA SECURITY
ASSIGNMENT 1
Case Study: Chatter
Company Overview
Fledgling social media platform, ‘Chatter’ launched in September 2017. Its main users are 13-21 year olds.
Users can:
Share photos and post status updates
Send messages via a private chat
Play games with other users, and make in-app purchases
Their head office is in Birmingham, and they employ 30 people. All staff members have a staff pass to enter
the building, and have a company iPhone and laptop. All staff have received an email outlining the best
practice for cyber security but this was not read by everyone and staff have not undertaken any mandatory
training.
Background Information
Chatter’s recent cyber security incident
A staff member left their laptop on the train while commuting home. The laptop was picked up by someone
and they were able to gain access to it. Fortunately, the member of staff had reported it missing and the
laptop was remotely wiped. Chatter cannot be sure if any data was accessed before the laptop was remotely
wiped.
Important Government Regulations
GDPR - General Data Protection Regulation
As of Spring 2018, changes to GDPR came into force, designed to better protect consumer and personal data.
Any organization holding data must:
Gain consent from the consumer to process their data
Anonymize the data collected to protect privacy
Provide data breach notifications
Safely handle the transfer of data across borders. Transferring data outside Europe. The GDPR imposes
restrictions on the transfer of personal data outside the European Union, to third-party countries or
international organizations, to ensure that the level of protection of individuals afforded by the GDPR is
not undermined.
Require certain companies to appoint a data protection officer to oversee GDPR compliance
If these rules are not followed, then companies face hefty fines of up to €20million.
Simultaneously In the News
News 1: Facebook says almost 50 million of its users were left exposed by a security flaw.
