Question
Exhibit 4: Data integrity and privacy
In the context of FitZone's registration process for its high-intensity interval training (HIIT) classes, it seems there exists a notable deficiency in internal controls pertaining to data integrity and privacy.
Customers are required to provide personal information, including their name, contact details, and credit card information, during the registration process for HIIT classes. The front desk administrator oversees the collection of this information. However, the system used by FitZone lacks adequate encryption measures to protect this sensitive financial data during transmission and storage. Additionally, FitZone's trainers have access to the database, potentially allowing them to view or extract customers' credit card details.
The front desk administrator does not follow any verification mechanisms to validate the accuracy of the information provided by customers during registration. For instance, if a customer mistypes their email address or provides an outdated email, there is no process in place to correct this error. In some scenarios, individuals could intentionally provide false email addresses or other personal details without detection. The front desk administrator has complained that she spends a lot of time dealing with credit card numbers that are rejected by the bank as being invalid. This necessitates contacting the members to resolve the problem, which can take days or even weeks, causing delays and inconvenience for both the customers and the staff.
The current registration process lacks adequate consent mechanisms to protect customers' privacy rights and preferences regarding the use and disclosure of their personal information.
In FitZone's current cloud-based database management system setup, there is a deficiency in the implementation of robust backup and recovery procedures. Without regular testing of backup integrity and restoration procedures, FitZone may not be aware of any potential gaps or limitations in its backup strategy until a data loss incident occurs.
A few members have complained that the monthly fee has been charged to their credit card after the membership has been cancelled. Also, a member complained that her credit card was charged twice for the monthly fee. She said it took her several calls and emails over a period of weeks before the issue was resolved.
The deficiencies raise concerns regarding FitZone's compliance with data protection regulations, such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA), depending on jurisdiction and the nature of the collected data. Noncompliance with these regulations exposes the club to legal liabilities, financial penalties, and reputational damage.
Analyze the deficiencies in internal controls related to FitZone's data integrity and privacy and provide recommendations.