Question: Your task is to identify and map the appropriate privacy requirements that would be applicable to the specific circumstances given below. For this assignment, identify which law from the list below applies to each given scenario and explain why the law is applicable.
Federal Trade Commission (FTC) Act of
Cybersecurity Law of the People's Republic of China (commonly referred to as the Chinese Cybersecurity Law)
Health Insurance Portability and Accountability Act (HIPAA)
California Consumer Protection Act (CCPA)
New York State Personal Privacy Protection Law (PPPL)
General Data Protection Regulation (GDPR)
Scenario
You recently joined a global multinational corporation based in the European Union (EU). You're in the Information Security department working with several other departments to implement a new enterprise data warehouse solution to store and transmit internal data for the organization and its clients. The organization has clients throughout different countries in Europe and will need to update the data regularly.
Which type of privacy regulation would principally govern this at an EU level?
Scenario
You were recently hired as a consultant to help a bank based in California assess their privacy program and to make recommendations based on privacy obligations and statewide requirements. Currently, the organization is doing very little with regard to giving consumers the right to know about their personal information, delete their information, opt out, or recognize their right to nondiscrimination for exercising their rights.
Based on what you know, what state legislation is the organization potentially not in compliance with?
Scenario
You have been going to the same doctor for several years and have been very happy with their service. Despite the doctor's office being part of a large hospital chain, you are always seen quickly for appointments. Due to the nature of their business and the data they store and transmit, they are considered a "covered entity."
Interestingly, you started receiving several solicitations for unrelated businesses and services. Some even referenced that you are a member of the medical office and can get a discount off of the published price. You called the office and they said that they are sharing some of your information and record data with outside entities for sponsored marketing campaigns.
Which legislation regulates health insurance data and prohibits this type of information sharing or selling of data for commercial gain?
Scenario
You are an employee for a financial services organization headquartered in New York state. You've been working in the information technology (IT) group and are familiar with many of their data protection standards and IT practices. They've recently asked you to start helping the client services group with data record corrections, as your manager stated that is considered a data fiduciary it is now a state requirement to correct inaccurate information for consumers. Based on your knowledge of the situation and the requirements being levied on the firm, which legislation would include this requirement?
Scenario
Your friends introduced you to a new social media platform, and you've been using it extensively to share videos, swap pictures, and keep up with friends. Recently, you read a news headline that said the platform is being sued by the Federal Trade Commission (FTC) for "unfair or deceptive acts or practices." You are surprised and feel nervous about all the data and information you've uploaded within their system.
Based on your understanding of the situation, how can the US government penalize the organization for "unfair or deceptive acts or practices"?
Scenario
An organization you're working with recently set up a new office in Beijing, China. They are working with a local network service provider to collect user information. The user information and customer data are collected, stored, and processed in accordance with state legal requirements. Furthermore, they ensure that they inform and obtain consent from users for information collection activities.
Which Chinese law addresses this directly from a privacy and cyberprivacy perspective?
