Law quiz 7
Question 1
Most states require consumer credit reporting agencies to block access to a consumer's credit report upon request by the consumer. This action, which means that credit reporting agencies cannot generally release information from the report to a third party in the absence of the consumer's express authorization, is called a:
"credit freeze"
"credit block"
"credit halt"
"credit interruption"
Question 2
5 / 5 pts
The Identity Theft Assumption and Deterrence Act makes identity theft a federal crime.
True
False
Question 3
As of March 2018, how many U.S. states have enacted laws requiring notification of security breaches involving personal information?
28 states
37 states
49 states
50 states
Question 4
Most of the states of the United States do NOT allow private lawsuits to enforce their data breach notification statutes.
True
False
Question 5
What is the name of the method of cyber attack that consists of an electronic attack directed against computer equipment or data transmissions, and which disrupts the reliability of equipment and the integrity of data by overheating circuitry or jamming communications?
Physical Attack
Electromagnetic Pulse Attack
Malicious Code Attack
Transmission Attack
Question 6
A "phishing" scam targeted at high-level corporate executives in the hopes of obtaining greater gains is informally called:
snorkeling
harpooning
spear-fishing
whaling
Question 7
In a number of cases, the Federal Trade Commission (FTC) has brought legal actions against companies that failed to adequately protect the security of personal information. The authority for this is Section 5 of the Federal Trade Commission Act, which prohibits:
"negligent losses of consumer data"
Correct!
"unfair or deceptive acts or practices in or affecting commerce"
"intentional misuse of personally identifiable information"
"hazardous handling of identifying data"
Question 8
We have considered several cases in which plaintiffs have sued banks and other commercial entities who have lost their personal data due to security breaches. They had not actually been the victims of identity theft, but sued in order to collect monetary damages for the money they had to spend to monitor their credit records. Generally, these plaintiffs have NOT been successful, because:
There is never liability as long as the commercial entity has notified the consumer of the breach
The plaintiffs were deemed not to have "standing" to bring the lawsuit
Such plaintiffs are not allowed to file personal lawsuits; they must convince the Federal Trade Commission to sue on their behalf
Courts have required such plaintiffs to demonstrate that they have actually lost something, holding that there must be more than "the risk of future harm" to enable compensation
Question 9
The most important data security breach notification law in the United States is the Federal Data Breach Reporting Act (FDBRA).
True
False
Question 10
The U.S. Federal law that is most commonly used in connection with computer crime is the:
Electronic Communications Privacy Act
Computer Fraud and Abuse Act
Gramm-Leach-Bliley Act
Fair Credit Reporting Act