An employee discovers a loophole in the security whereby the access to personnel records of other employees in the company is open. The personnel records include employee names, addresses, social security numbers, disciplinary actions, annual reviews, and salary information. Busy working on a time sensitive project, the IT administrator do not fix the problem for two weeks. While fixing the problem, it is discovered that several employees have accessed personnel records using the loophole.
The stakeholders that are part of this issue would include the employees who's records have been accesses, the employees that accessed the records, the IT administrator, as well as the company its self. Human resources, if the company has a human resources department, as well as upper management while not directly connected to the issue are also included as stakeholders since they will be included as part of the solution, and the people that employees that had their information accessed will hold accountable.
…show more content…
There are several state laws here in the United States such as the California bill AB1710 that requires companies to inform users of a data breach and provide them with identity protection in the event that a breach happens ("New State Privacy Laws," 2014). While this was an internal breach, they are still required to follow the laws. Other risk in this incident could include employees becoming upset or disengaged if they find out that they make less than some of their coworkers or they feel that the management team does not care since the security loophole went unfixed for two week as they had more important projects to finish (Hassell,