Chapter 4 Laws, Regulations, and Compliance
Written Lab
-
What are the two primary mechanisms that an organization may use to share information outside the European Union under the terms of GDPR (General Data Protection Regulation)?
The two primary mechanisms that an organization may use to share information outside the European Union are standard contractual clauses (SCCs) and binding corporate rules (BCRs).
-
What are some common questions that organizations should ask when considering outsourcing information storage, processing, or transmission? (Using cloud services is one type of outsourcing.)
- What types of sensitive information are stored, processed, or transmitted by the vendor?
- What controls are in place to protect the organization's information?
- ........ (p.171)
-
What are some common steps that employers take to notify employees of system monitoring?
- Clauses in employment contracts that state the employee has no expectation of privacy while using corporate equipment.
- Similar written statements in corporate acceptable use and privacy policies
- Logon banners warning that all communications are subject to monitoring
- Warning labels on computers and telephones warning of monitoring