Individual Report and Individual Presentation Assessment Type: Report and Presentation Word Count: 1800 words 10% for Part A (report) 8 - 12 slides for Part B (presentation) Weighting: 40 % (25 + 15) Your Task Consider below information regarding the National Australia Bank data breach. Read the case study carefully and using the resources listed, together with your own research, complete: Part A (Industry Report) Individually by Tuesday 23: 55pm AEST Week 12 Part B (Application for data access presentation) submitted in Tuesday Week 13 at 23:55 AEST, as an individual video upload. Page 2 Kaplan Business School Assessment Outline Assessment Description Europes largest bank just got hacked HSBC HSBC https://www.bitdefender.com.au/blog/hotforsecurity/europes-largest-bank-just-got-hacked/ Background HSBC Bank, the seventh-largest banking and financial services organizations in the world and the largest in Europe, has been breached by hackers. The bank is now sending letters to an undisclosed number of customers notifying them that hackers have their data. In a notification template submitted to the California Attorney Generals Office, HSBC said it became aware that online accounts were accessed by unauthorized parties sometime between October 4 and October 14, 2018. When HSBC discovered your online account was impacted, we suspended online access to prevent further unauthorized entry of your account, the notice reads. You may have received a call or email from us so we could help you change your online banking credentials and access your account. We apologize for this inconvenience. HSBC takes this very seriously and the security of your information is very important to us. HSBC adds (emphasis ours), The information that may have been accessed includes your full name, mailing address, phone number, email address, date of birth, account numbers, account types, account balances, transaction history, payee account information, and statement history where available. The bank provides no details of the breach, such as how the attackers managed to infiltrate its systems and then exfiltrate customer data. It does say, however, that its first action after containing the breach was to enhance the authentication process for HSBC Personal Internet Banking. This suggests the breach may have involved credential stuffing (where large numbers of previously-breached credentials are stuffed into login forms until they are potentially matched to an existing account), or a vulnerability in the banks two-factor-authentication (2FA) process. On a slightly more positive note, customers are told HSBC is offering a complementary year of credit card monitoring via Identity Guard, which monitors and protects credit data, but also alerts users to activities that could indicate identity theft. Customers must sign up for the freebie within 90 days, or they wont be eligible after that window is closed. Page 3 Kaplan Business School Assessment Outline According to Wikipedia, HSBCs assets total US $2.374 trillion, as of December 2016, with annual revenue in the tens of billions. Last year alone, it raked in $51.445 billion, or 45.1 billion euros. Considering the sheer number of potential European clients and the amount of personally identifiable information compromised, HSBC stands to incur a stinging fine under the recently introduced General Data Protection Regulation. The GDPRs penalties for such data breaches are calculated at up to 20 million euros, or 4% of the companys annual turnover, whichever is greater. Needless to says, EU legislators wont have too hard of a time making that calculation. Brief As an analyst withinHSBC, you have been tasked with considering ways in which customer data can be used to further assist HSBCwith its marketing campaigns. As a further task, you have been asked to consider how HSBC could potentially assist other vendors interested in the credit card history of its customers. Page 4 Kaplan Business School Assessment Outline Assessment Instructions Part A: Industry Report (1800 words, 25 marks) - Individual Based on your own independent research, you are required to evaluate the implications of the European legislation such as GDPR on HSBCs proposed analytics project and overall business model. Your report can be structured using the following headings: Data Usability Benefits and costs of the database to its stakeholders. Descriptive, predictive and prescriptive applications of the data available and the data analytics software tools this would require. Data Security and privacy Data security, privacy and accuracy issues associated with the use of the database in the way proposed in the brief. Ethical Considerations The ethical considerations behind whether the customer has the option to opt in or opt out of having their data used and stored in the way proposed by the analytics brief Other ethical issues of gathering, maintaining and using the data in the way proposed above. Artificial Intelligence How developments in AI intersects with data security, privacy and ethics, especially in light of your proposed analytics project. It is a requirement to support each of the key points you make with references (both academic and grey material) Use the resources provided as well as your own research to assist with data collection and data privacy discussions. https://gdpr-info.eu/ Page 5 Kaplan Business School Assessment Outline Part B: Presentation (5 minutes, 15 marks) Instructions: You are required to prepare a presentation of 6 - 12 PowerPoint slides. You are an analyst at HSBC. You have identified a way in which you can use customer data to inform customers of bank offers and offers from other vendors, based on their credit card spending history. Although its HSBCs own data, regulators and legislators are becoming increasingly concerned about the way in which certain types of analytics projects can infringe on privacy, individual rights and potentially be in contravention of the GDPR and other legislation. Create a presentation of approximately 5 minutes in which you discuss how HSBC plans to use this data and the broad implications involved. Discuss the issues below, and imagine you are communicating this presentation to government (regulators and / or legislators) as your primary audience. Consider: 1. Why you want the data and the resulting benefits to your customer base; 2. How the data can be sourced ethically and securely; 3. How you will keep the data safe from the type of attack on customer data outlined in the article above. 4. How you will use your analytical findings in an ethical way.