Concerns of TechFite Company Legal Constraints and Liability

TechFite is a consulting and advising internet organization that aids in helping other businesses with ways to be more profitable in digitizing their online ventures. The company has had a good reputation over time; however, its application division has caught the eyes of the media for being reported to undertake some disturbing business practices. (Editor, 2018) Recently, TechFite had business ventures with Orange Leaf Software LLC to be hired for consultation services. However, before disclosing any technical details, the applicant division executive executed a non-disclosure agreement with Orange Leaf organization. During the pre-consultation process, Orange Leaf's chief technology officer completed a questionnaire that included their organization's technical information. However, for their reasons, Orange Leaf did not employ the TechFite Application Division. But months later, Orange Leaf was surprised that their competitors were launching similar products to theirs. This was a similar scenario with CTO for Union City Electronic Ventures.

The specific laws that the TechFite organization breached

Therefore, this violated laws since organizations must protect their client's confidentiality at all costs, even if they decline to conduct business. Thus TechFite organization was liable for breaching the Computer Fraud and Abuse Act (CFAA). This Act has been enacted to address legal and illegal access to federal and financial information technology systems to reduce computer system cracking and gaining unauthorized penetration to obtain information illegally (Johnson, 2015). Thus there are claims that the organization utilized a common hacking program called Metasploit to compromise the security system of both Orange Leaf and COT for Union City Electronics Ventures that were used in interstate commerce by their competitors. The TechFite organization has a Business Intelligent (BI) unit, which gathers publicly available information about the organizations they have worked with to benefit their marketing scheme. It is a legal operation and common in an organization offering such activities. However, they failed to safeguard some of the vital details of the clients who refused to conduct business with them.

In addition, Electronic Communication Privacy Act (ECPA) was breached. The Act prohibits interceptions, disclosure, or electronic and oral communication. It is illegal to manufacture, distribute or possess a device whose primary use is the surreptitious interception of such communication (Gregg, 2006). Thus TechFite BI unit gained unauthorized access to the two victims' HR and financial departments to examine their financial and executive documents without the victim's consent. The intelligent business unit is not obligated to access this document for its normal operation; thus, that action violated the Electronic Communications Privacy Act. Also, TechFite was liable for breaching the Sarbanes-Oxley Act (SOX), which the U.S. Congress enacted to protect investors from inaccurate financial reporting by corporations (Kenton et al., 2022). Thus TechFite failed to report the internal controls that affect their financial reports. They could not do any other legitimate purpose other than making financial transactions that were off the books through the Free-workers band, which had not established any ties with the TechFite organization.

Instances in which due care was inadequate

Besides the organization having a Business Intelligence unit, it was not explicitly documented to what extent the unit could prevent its abuse. Although there was a review of the TechFite's Application Division for the chief information security officer revealing the organization's performance of the credible job in protecting their client's division networks against external attacks. Security analyst Nadia Johnson failed to document the major operation of the Business Intelligence unit, specifically to audit their client's account who had been unable to indulge in business with them (Editor, 2018). They had tried to derive some summaries from getting cover-up that no operation was found on the internal operation. The security analyst failed to explain how they obtained the privileges that breached their client data because they could not monitor their internal network well.

Also, this was not the first case the organization faced that had led to the data breach of clients who had failed to conduct business with them. There has been previous coverage of the organization failing to safeguard sensitive and proprietary data belonging to their existing and potential clients. The organization system architecture was poorly designed in that the BI unit lacked authorization rights, and any worker could have access to it. Besides, all their workstations and computers had administrative rights, which is dangerous because any worker who is not supposed to have access to some information could create a client report and sell it to their competitors.

Disaster recovery plans to ensure business continuity

Employing business continuity and disaster recovery plans in TechFit will minimize the impact that that catastrophic event might have caused the potential business clients (ONLINE, 2022). After conducting a checkup of the organization system, they discovered that a Metasploit tool was planted on several machines. There was considerable evidence on the hard drive that depicted recent penetration and scanning activities into IP addresses of other internet-based organizations. However, the major concern was on Sarah Miller, the senior analyst, yet she had the most traffic in scanning other organization networks. Jack Hudson, a junior worker, took instructions from Miller; he was found to be penetrating other internet organization networks and gathering intelligence by surveilling the company trash.

What is more of concern is Jack Hudson was a member of Competitive Intelligence Professionals, who are expected to be practicing a high dignity code of ethics against illegal penetration of other organization networks. Therefore, for TechFit to redeem itself, they need to fix its systems in that administrative privileges are only granted to executive officers who can handle them. Besides, they should uninstall all the Metasploit tools from their system and educate their employees on work ethics.