ACCG3025 Cyber Security and Privacy Management

Question:

Task:

After its disastrous cybersecurity breach, the CEO of Deltex Ltd resigned. The newly arrived CEO has decided to “pivot” the company by introducing a new product. As Chief Privacy Officer, you are to prepare a Privacy Impact Assessment Report to inform the business case for the Board of Deltex Pty Ltd to consider based upon the attached project proposal documents.

Your report should address the following topics:

  1. Explain what methodology you would follow to conduct the PIA
  2. A brief description of the Deltex project
  3. The categories of stakeholders with whom you would consult
  4. A map of the information flows
  5. A Privacy Impact Assessment including compliance, ethics, social licence and best-practice perspectives on issues and risks
  6. Guidance to Deltex Senior management as to what issues and risks exist and options for how they could be mitigated or eliminated
  7. Recommendations to mitigate or eliminate identified issues & risks

Include a Reference list and Footnotes or in-text citations (referenced in accordance with the Harvard or APA referencing style).

Report on the Results of the Senior Executive “Kartman” Brainstorming Retreat

Kartman will be a tool which enables businesses to efficiently and accurately apply price differentiation strategies to their online product and service offerings in real-time. Marketed to Australian end-users as a browser plug-in which provides access to price discounts when shopping online, Kartman will collect information about end-users’ Internet browsing habits and also use AI to analyse the contents of their hard drives. It will combine that data with information made available by the Australian government through its Open Data Initiative to identify patterns in Australian society regarding personal interests, psychographic profiles, bank balances, shopping habits, hobbies, addictions, health, education levels, political affiliation, etc.

Through its browser plug-in, individual end-users will be identified by analysing their mouse movement and keyboard typing habits and classified into categories based upon their willingness-to-pay (“Purchase Likelihood Score”) and ability-to-pay (“Relative Pricing Score”) for different goods and services. Each end-user will be assigned a unique identifier which will be consistent across all of their devices (computer, tablet, phone, etc.) and locations. When an end-user either searches for a product or visits an online store, the Kartman browser plug-in will send that information to Kartman’s back-end servers. Kartman’s back-end servers will then notify the store operator in real-time of the end-user’s Relative Pricing Score and Purchasing Likelihood Score so that the online store can adjust its prices up or down to maximise the probability of a successful sale at the maximum price that particular end-user is willing to pay.

To encourage end-users to install the Kartman browser plug-in, it will notify end-users of the discount that it is able to “negotiate” with the online store on behalf of the end-user. Behind the scenes, the Kartman Backend Servers will notify the online store of the discount percentage most likely to motivate the end-user to make a purchase so that the online store can inflate its price shown to the end-user by that percentage. For example, if the Kartman browser plug-in determines that an end-user would be willing to pay a maximum of $250 for a particular pair of running shoes and they are typically motivated by a discount of at least 20% off the retail price, then the backend servers will advise the online store to display to the end-user a list price of $312.50 for those shoes with the Kartman-discount of 20% bringing the price for that end-user down to $250.

To encourage end-users to continue to use the Kartman browser plug-in, the end-user will be told that they received one of the largest discounts given to users (regardless of whether that is true). This will inspire trust in the Kartman service.

Online stores will pay Deltex for the price discrimination service that it offers. Kartman will not sell its datasets to third parties. However, it will rent access to its datasets to online advertisers through an online real-time auction service. The Kartman browser plug-in will be able to intercept webpages accessed by end-users and inject into those webpages advertisements which are displayed over the top of any other advertisements that third parties would have shown to that end-user. This will help to maximise user engagement with Kartman, especially as online stores which use the Kartman price discrimination service will receive discounts when bidding for advertisement placements as compared to third party advertisers. This will enable Kartman to maximise the revenue generated by both its price discrimination service and its online advertising service.

To prevent a user backlash, Deltex will subsidise Kartman for the first six months and have a privacy policy which reveals limited information about its monitoring capabilities (which will be switched off during that period). Once significant end-user adoption has occurred, Deltex will gradually expand its monitoring capabilities and repeatedly update the Kartman privacy policy to gradually reveal more information about how it tracks its users. The vast majority of users do not review the T&Cs for updates to apps, so they are unlikely to ever realise Kartman’s full tracking capabilities. To save money, Deltex will outsource the storage and processing of Kartman end-user datasets to third-party datacentres located in Taos, New Mexico.
