BUS-A 460 IT Auditing: Analyzing E-commerce Data Privacy Compliance
Added on 2023/06/11
Project
AI Summary
This project solution addresses the data privacy requirements for Janet's Emporium's e-commerce site as part of the BUS-A 460 Information Systems Security Assurance course. It identifies nine countries for potential e-commerce deployment based on GDP and outlines their respective data privacy regulations, including those of China, Japan, Germany, the United Kingdom, France, India, Italy, Brazil, and Canada. The solution suggests steps for Janet to comply with these varying requirements, emphasizing a thorough understanding of each country's legislation, consistent compliance, and continuous monitoring for updates. It also recommends tasks for Janet, such as staying informed about regulatory changes and ensuring immediate rectification of any breaches. The solution further advises the company to establish a dedicated department with qualified personnel to effectively manage data privacy compliance across different operating countries, ensuring long-term operational success and adherence to legal requirements.

Running head: AUDITING AND ASSURANCE
Auditing and Assurance
Name of the Student:
Name of the University:
Authors Note:
Contents
Nine other countries where the e-commerce site will be deployed
Data privacy requirements of the above countries
Suggested steps to comply with requirements
Suggested tasks for Janet
Suggestions and recommendations
References
Nine other countries where the e-commerce site will be deployed:
Janet selected the additional countries from the top 10 economies measured in terms of GDP. Thus, besides the United States of America, the nine other countries in which the e-commerce site will be deployed are as follows:
I. China.
II. Japan.
III. Germany.
IV. United Kingdom.
V. France.
VI. India.
VII. Italy.
VIII. Brazil.
IX. Canada (Cohn, 2016).
Data privacy requirements of the above countries:
China: The data protection and privacy regulations in China are very strict. Under the China Data Protection Regulations (CDPR), even foreign companies have to operate through Chinese websites and networking systems to comply with the data privacy requirements (Grunes & Stucke, 2016).
Japan: Regulated by General Data Protection Laws, data privacy requirements in Japan are relatively less draconian than those in China. The APPI amendment introduced on May 30, 2017 permits the disclosure of big data and regulates data privacy (Akter & Wamba, 2016).
Germany: The Bundesdatenschutzgesetz (BDSG) is the federal act that protects data privacy in the country.
United Kingdom: The Data Protection Act 2018 is the premier legislation governing data protection requirements in the country (Svantesson, 2014).
France: A new law has been implemented to strengthen data privacy and protection in the country. Companies are required to disclose all information and comply with data protection law to conduct e-commerce business in the country (Kerber, 2016).
India: In India, the Information Technology Act 2000 contains all the provisions relating to data protection and privacy. Corporate and other forms of organizations have to comply with the requirements of the act to carry on their business operations (Dinev, Albano, Xu, D’Atri & Hart, 2016).
Italy: The Data Protection Code regulates data processing in the country and allows business entities to conduct e-commerce business with relative ease, provided all necessary disclosures are made (Eastin, Brinson, Doorey & Wilcox, 2016).
Brazil: The Data Protection Act in the country guides businesses and other entities in following the standard guidelines of data protection and privacy (Morey, Forbath & Schoop, 2015).
Canada: The Personal Information Protection and Electronic Documents Act is the premier legislation in Canada governing the data protection requirements for businesses as well as individuals (Greenleaf, 2015).
Suggested steps to comply with requirements:
The most restrictive data protection regulations are in China. The data breach notification period is also the shortest there (Eastin, Brinson, Doorey & Wilcox, 2016). In order to comply with data privacy requirements, the following steps should be taken:
I. Thoroughly study the data privacy requirements in a country.
II. Comply with all the requirements of the applicable legislation (Robinson, 2017).
III. Start operations.
IV. Stay up to date with changes in data privacy requirements.
V. Ensure that standard processes and procedures are changed to comply with the new requirements of the respective legislation (Ching, Fabito & Celis, 2018).
Suggested tasks for Janet:
Janet should carry out the following tasks continuously once the systems are live:
I. Management should keep itself up to date with any changes made to the existing rules and regulations governing the data privacy environment (Chaffey, 2015).
II. Ensure compliance with new requirements and changes in the data privacy environment.
III. In case of any breach, it shall be rectified immediately (Ojo, 2016).
Suggestions and recommendations:
The company should have a separate department with qualified personnel to ensure compliance with all the data privacy requirements in different countries. Since e-commerce forms a formidable part of Janet’s overall business, all necessary actions shall be taken to comply with the data privacy requirements so that it can keep operating over the long term without any problem (Trautman, 2015). Having a separate department to look after the compliance requirements of data privacy law in the different countries where the company operates would help the company comply with the data privacy requirements effectively (Spiekermann, Acquisti, Böhme & Hui, 2015).
References:
Akter, S., & Wamba, S. F. (2016). Big data analytics in E-commerce: a systematic review and
agenda for future research. Electronic Markets, 26(2), 173-194.
Chaffey, D. (2015). Digital business and e-commerce management. Pearson Education Limited.
Ching, M. R. D., Fabito, B. S., & Celis, N. J. (2018). Data Privacy Act of 2012: A Case Study
Approach to Philippine Government Agencies Compliance. Advanced Science
Letters, 24(10), 7042-7046.
Cohn, T. H. (2016). Global political economy: Theory and practice. Routledge.
Dinev, T., Albano, V., Xu, H., D’Atri, A., & Hart, P. (2016). Individuals’ attitudes towards
electronic health records: A privacy calculus perspective. In Advances in healthcare
informatics and analytics (pp. 19-50). Springer, Cham.
Eastin, M. S., Brinson, N. H., Doorey, A., & Wilcox, G. (2016). Living in a big data world:
Predicting mobile commerce activity through privacy concerns. Computers in Human
Behavior, 58, 214-220.
Greenleaf, G. (2015). Global data privacy laws 2015: 109 countries, with European laws now a
minority.
Grunes, A., & Stucke, M. (2016). Big data and competition policy. Oxford University Press.
Kerber, W. (2016). Digital markets, data, and privacy: competition law, consumer law and data
protection. Journal of Intellectual Property Law & Practice, 11(11), 856-866.
Morey, T., Forbath, T., & Schoop, A. (2015). Customer data: Designing for transparency and
trust. Harvard Business Review, 93(5), 96-105.
Ojo, M. (2016). E commerce as a tool for resource expansion: postal partnerships, data
protection legislation and the mitigation of implementation gaps. In E-Retailing
Challenges and Opportunities in the Global Marketplace (pp. 25-48). IGI Global.
Robinson, C. (2017). Disclosure of personal data in ecommerce: A cross-national comparison of
Estonia and the United States. Telematics and Informatics, 34(2), 569-582.
Spiekermann, S., Acquisti, A., Böhme, R., & Hui, K. L. (2015). The challenges of personal data
markets and privacy. Electronic Markets, 25(2), 161-167.
Svantesson, D. J. B. (2014). The extraterritoriality of EU data privacy law-its theoretical
justification and its practical effect on US businesses. Stan. J. Int'l L., 50, 53.
Trautman, L. J. (2015). E-Commerce, cyber, and electronic payment system risks: lessons from
PayPal. UC Davis Bus. LJ, 16, 261.