Question One An important role of the computer security profession involves efforts to uphold policy and training. What does the Supreme Court of Canada say about the role that an organization’s computer use policy and practices may play in the assessment of whether there is a reasonable expectation of privacy in a work laptop computer where employees are permitted to use the laptop computer for personal matters? What do you recommend to an organization should be done to address this situation?
Question Two You are the IT systems security manager of the organization. Your organization in based in Edmonton but does share some employee data with a benefits service provider in Toronto. A breach has occurred affecting both customers and employee information held by your organization. Some of your customers are in the United States and some are in Europe. Discuss and contrast your organization’s obligations to report a breach under Alberta’s Personal Information Protection Act (PIPA) and under the Personal Information Protection Electronic Documents Act (PIPEDA). Discuss the circumstances when the company is subject to report a breach under each of these laws and the variables that should be considered in making the assessment. Discuss other applicable considerations in this case.