Scenario
Laguna Productions, Inc., is a multi-media entertainment corporation located in Los Angeles that employs 200 people, and it is incorporated in the State of California. Laguna Productions is publicly traded, and the majority shareholders are CEO Charles Encatre (40% shareholder) and his four partners (each who each 5% shareholders), all of who comprise the Board of Directors. After three years in existence, Laguna’s media products have been selling well and the Board of Directors is interested in expanding operations to include a New York City office location.
In its role as an employer, seller of media products, and selling of shares on the public stock exchange, Laguna Productions holds Personal Identifying Information (PII) related to bank accounts, credit cards, email addresses, social security numbers, and other personal information on its employees, customers, and public shareholders. CEO Charles Encatre is unsure of what are the company’s legal obligations to it’s’ employees, customers, and shareholders if PII is stolen in a cyber-attack under federal law, California state law, and under New York state law.
In light of recent cyber-attacks and intrusions into publicly traded companies, Laguna Productions consulted with a cyber-security expert, who conducted an internal evaluation of the company’s vulnerability to a cyber-intrusion. After review, the cyber expert recommends the expenditure of at least $1 million in security software programs to ward off a cyber-attack. The CEO is willing to make this expense, but the other four board members are not willing to invest a lot of money to defend Laguna Production’s computer system. As one opposing board member put it, “It’s a valid business decision to accept the risk.”
You have been hired as a Security Consultant to provide recommendations to Laguna Production on the laws and regulations on how to deter cyber breaches.
Week 3: Memo
• Due by the end of Week
For this first section of the Portfolio Project, you are to write a 2-3-page Memorandum, to the CEO Charles Encatre. Your memo should be in APA style format and have at least two scholarly resources to support your rational. Your memo should include the following:
• Identify any applicable federal, California, and New York state laws imposed on businesses when PII is stolen
• Determine whether the board members’ sentiment that not purchasing the $1 million in software security is an acceptable risk?
• Make a compelling argument as to whether or not a shareholder vote is needed to implement a $1-million-dollar security software program. Make sure to justify your reasoning.