An online retailer gathers data about its users' behavior, including purchasing behavior and ad clickthrough's, using cookies. The data collected by the cookies are anonymous (i.e. they do not contain personal information). The same retailer also must gather the names and credit card numbers of customers in order to complete purchases. A high-level employee with access to all of the retailer's databases sells the credit card numbers of several recent customers to a third party so that the third party can attempt to use the credit cards in their own name.

Many object to the way that retailers use information gathered by cookies. In the scenario, and assuming US law, is the retailer's use of cookies legal or illegal?

Legal

Illegal

What is the source of the data threat in this scenario?

White hat hacker

Cyberterrorist

Insider threat

Hacktivist

How should the release of these data be characterized?

Unintended release of sensitive data by unauthorized individuals

Intended release of sensitive data by authorized individuals

Unintended release of sensitive data by authorized individuals

Intended release of sensitive data by unauthorized individuals

How should the actions of the employee be characterized?

Ethical and legal

Ethical but illegal

Unethical but legal

Unethical and illegal