Organisations seeking access to information held by another organisation must ensure that
they have a clear purpose for collecting the information (including Transborder data flows).
Organisations must not collect the information unless it is necessary for their functions or
activities.
1. Consider 3 different domains, i.e., health, gaming, and social networking.
Show/discuss valid and specific needs (as an example to show a clear purpose
for collecting the information) of user data collection in each domain. Discuss the
significance of this. [Answer in 250-500 words]
2. Discuss data collection and protection frameworks used by the organisations in
each domain to a) preserve customer trust and security of cardholder data and
b) to protect assets from accidental loss, compromise, or destruction against an
international standard. [Answer in 250-500 words]
3. Give your opinions to discuss how social engineering strategies are being used in
these three domains to steal data (one of the examples is here). Share your
opinions, with justification, whether they are legal or illegal. [Answer in 250-500
words]