In the aftermath of the San Bernardino shooting in December 2015, Apple was required by a federal court order to assist the FBI in unlocking the primary suspect’s iPhone 5c. Apple would need to build a new software program in order to comply with the order, potentially compromising the company’s brand promise regarding the security of customer data. This case examines the importance of customer data privacy to a company’s business model as well as external risk factors related to international politics and terrorism. How can Apple manage the various risks while maintaining the loyalty and trust of its customers? 8 pp. Case #17-07. (2017)

This case study focuses on Raelyn Campbell, a former Best Buy customer, who is suing the company for $54 million. Campbell states Best Buy lost her laptop - while being serviced for repairs - and tried to cover up its disappearance for more than five months. Additionally, Best Buy failed to address her concerns about identity theft when she acknowledged that years worth of tax returns were still on the missing laptop. The company must now decide how it will manage its image in response to this allegation and devise a communication strategy to further address customer concerns and privacy issues. 14 pp. Case #09-01. (2009)

On September 27, 2004, ChoicePoint, a company that stores and sells critical personal
information, discovered possible fraudulent activity within its network of databases. On further
investigation, ChoicePoint security officials realized that they may have allowed identity thieves
in Los Angeles, who acted as legitimate business clients, to access more than 110.000 people’s
personal information. CEO Derek Smith and Communications Chief James Lee are faced with
explaining the loss to clients, the press, the public, and those who may have been compromised.
They also face the daunting task of restoring confidence in the company. (A) Case, 7 pp. (B)
Case, 6 pp. Case #06-07. (2006)

DoubleClick, an online advertising solutions company, purchased Abacus Direct, a marketer of
consumer purchase data, with the intent of combining the companies’ databases. DoubleClick
came under fire when privacy rights groups and the public feared their privacy would be
compromised by combining the databases and the technology itself. DoubleClick was forced to
implement a privacy plan to demonstrate its commitment to its customers’ satisfaction. (A) Case,
6 pp. (B) Case, 1 p. Case #00-30. (2000)

Consumer credit reporting company Equifax announced on September 7, 2017, that cyber criminals accessed its databases to obtain private information of 143 million US consumers. CEO Richard Smith faces public scrutiny and ponders his next move to effectively manage the crisis at his company. 12 pp. Case #18-03 (2018)

In November 2007, Facebook introduced Beacon, a feature designed to share a user’s online activities
with friends. With concerns for their privacy, outraged Facebook users began expressing their negative
feelings about Beacon. The feature soon become a privacy nightmare for the public, instead of the
beneficial addition Facebook envisioned it to be. Now the company is left wondering how to handle its
mistakes while maintaining a delicate balance between revenue growth and user privacy. 8 pp. Case
#08-07. (2008)

Street View is a new Google application giving 360 degree panoramic views of select U.S. cities. The
media and Google users have voiced concerns about the images displayed on Street View. Google must
continue to develop new and innovative products to increase its user base without over stepping the
boundaries of individual privacy and security. 8 pp. Case #08-03. (2008). Revised: 2009.

In September of 2006, Hewlett-Packard Company submitted a filing to the Securities and Exchange
Commission revealing boardroom intrigue and a corporate spy scandal. Responding to information leaks
from within the board of directors, board chairwoman Patricia Dunn had authorized an internal
investigation using illegal investigation techniques to gain access to the confidential phone records of
board members and several news media reporters. Hewlett-Packard, once a well-respected technology
corporation, now faces chaos in its boardroom, challenges to its ethical values, and various government
investigations. As the company picks up the pieces, it must find a way to restore customer and employee
confidence in its commitment to security and the right to privacy. 12 pp. Case #06-19. (2006)

The world’s computer chip technology leader is faced with the dilemma of consumer privacy
versus the rapidly changing technology the company has developed. The Pentium III chip has the
capability of releasing a PSN which will provide information on users who access Internet web
sites. Intel proposes that the technology provides increased consumer security while privacy
advocacy groups claim there will be a loss of privacy and worse consumer information could be
shared with other companies. 5 pp. Case #00-09. (2000)

In the aftermath of the 9/11 attacks, security on the nation’s commercial airlines becomes a
significant issue for the government, carriers, and passengers who fly each day. In response to a
request from a U.S. Defense Department contractor, JetBlue turns over detailed information
about passengers traveling on the discount carrier, including travel dates, destinations, home
addresses and credit card numbers. After initially denying the charge, JetBlue officials later
defend their actions. Privacy advocates, homeland security officials, and other commercial
airlines wait for public reaction to JetBlue’s actions and statements. 9 pp. Case #04-06. (2004)

A father complains about pregnancy related coupons addressed to his teenage daughter. Target’s predictive analytics had determined his daughter was pregnant and targeted her as a customer before she broke the news to her father. Target must react in the face of a largely publicized article about the incident. 12 pp. (Case # 13-02)

A rapidly-growing west coast sportswear company confronts the conflicting values of corporate
data security and employee privacy. As a senior supervisor begins looking through a trusted
employee’s personal exchanges on the company’s e-mail server, a friend alerts the employee to
the supervisor’s activities. Just how private is e-mail and who should get to look at it? Where
should management balance individual desires for privacy with the need for organizational
security? 3 pp. Case #00-07. (2000)

Sports wagering had been illegal in the United States since 1992, creating massive illegal
markets, including 97% of all wagers ($10.1 billion) placed illegally on March Madness in 2019.
Now, with the 2018 repeal of PASPA, 42 states are considering legalizing sports wagering. The
AGA and state governments are excited to generate more revenue; collegiate organizations
including the NCAA, Power Five Conferences, and Universities are concerned for players’ wellbeing
and game integrity. How should each stakeholder respond? 13 pp. Case # 19-20 (2019)

After a terrorist attack at the Pensacola Naval Air Station, Apple received immense public pressure to comply with the FBI’s request to assist in unlocking the encrypted iPhone of the attacker. Apple’s evolving technology will open the company up to further concerns about user privacy that will need to be addressed. 10 pp. Case #20-03