Class Action Case of Information Security Manager

Your Role as an Advisor

CASE OVERVIEW:

You work for a fast food company with multiple outlets as the Information Security Manager. Our company is based in California.

The company lawyer wants your technical viewpoint on a class action lawsuit that they have just received.

This class action case involves at least 355,000 customers of the fast food restaurant chain that had their payment card data and other personally identifiable information stolen by computer hackers. It is alleged that we failed to upgrade our payment systems to use EMV technology and failed to comply with FTC requirements. It is also alleged that after computer hackers used malware to access the POS systems of approximately 500 of the chain’s locations, we failed to provide timely, accurate or adequate notice to our customers that their information was stolen.

QUESTIONS:

  1. What is EMV technology?
  2. What regulatory requirements exist pertaining to the types of payment technology consumer companies should be using?
  3. What should we have done to prevent our customers’ payment data from being stolen through the malware attack?
  4. When customer payment data is hacked, what duty does the company have, if any, to inform them of the data breach?
  5. There have been similar cases in, or closely related to, the fast food field. What were the outcomes?
  6. What training should we give our staff to prevent this from happening again?

Submit a Word Document answering the questions for a non-technical reader. 

Answer his questions in clear language after doing the necessary research.

Cite the sources of your information so the lawyer can follow up.

Expected response is 2 – 3 pages.