You are the privacy officer for a publicly traded company. You have just learned that a former employee improperly accessed information on her computer before her access was terminated. She went into human resources records and looked at the employment records for all the employees in the company's marketing department. This included their original employment applications and payroll records. She also accessed and copied information about various consumers who bought products from our company.

Analyze and evaluate this situation with legal and compliance considerations in mind. What questions do you have? What would you do first?

How would your answers change if the company were in the health care industry and the records that were accessed contained health related information about people? (ANAYLZE THIS THE LONGEST, mention HIPAA, business associates, covered entities, HIPAA privacy rule etc)