Law quiz 7

Question 1

Most states require consumer credit reporting agencies to block access to a consumer's credit report upon request by the consumer. This action, which means that credit reporting agencies cannot generally release information from the report to a third party in the absence of the consumer's express authorization, is called a:

"credit freeze"

"credit block"

"credit halt"

"credit interruption"

Question 2

5 / 5 pts

The Identity Theft Assumption and Deterrence Act makes identity theft a federal crime.

True

False

Question 3

As of March 2018, how many U.S. states have enacted laws requiring notification of security breaches involving personal information?

28 states

37 states

49 states

50 states

Question 4

Most of the states of the United States do NOT allow private lawsuits to enforce their data breach notification statutes.

True

False

Question 5

What is the name of the method of cyber attack that consists of an electronic attack directed against computer equipment or data transmissions, and which disrupts the reliability of equipment and the integrity of data by overheating circuitry or jamming communications?

Physical Attack

Electromagnetic Pulse Attack

Malicious Code Attack

Transmission Attack

Question 6

A "phishing" scam targeted at high-level corporate executives in the hopes of obtaining greater gains is informally called:

snorkeling

harpooning

spear-fishing

whaling

Question 7

In a number of cases, the Federal Trade Commission (FTC) has brought legal actions against companies that failed to adequately protect the security of personal information. The authority for this is Section 5 of the Federal Trade Commission Act, which prohibits:

"negligent losses of consumer data"

Correct!

"unfair or deceptive acts or practices in or affecting commerce"

"intentional misuse of personally identifiable information"

"hazardous handling of identifying data"

Question 8

We have considered several cases in which plaintiffs have sued banks and other commercial entities who have lost their personal data due to security breaches. They had not actually been the victims of identity theft, but sued in order to collect monetary damages for the money they had to spend to monitor their credit records. Generally, these plaintiffs have NOT been successful, because:

There is never liability as long as the commercial entity has notified the consumer of the breach

The plaintiffs were deemed not to have "standing" to bring the lawsuit

Such plaintiffs are not allowed to file personal lawsuits; they must convince the Federal Trade Commission to sue on their behalf

Courts have required such plaintiffs to demonstrate that they have actually lost something, holding that there must be more than "the risk of future harm" to enable compensation

Question 9

The most important data security breach notification law in the United States is the Federal Data Breach Reporting Act (FDBRA).

True

False

Question 10

The U.S. Federal law that is most commonly used in connection with computer crime is the:

Electronic Communications Privacy Act

Computer Fraud and Abuse Act

Gramm-Leach-Bliley Act

Fair Credit Reporting Act