FORMATIVE ASSESSMENT 1 Read the scenario below and answer ALL the questions that follow Data Privacy and Cybersecurity Legal Challenges in a Global Tech Firm DataShield Inc. is a multinational cloud storage and cybersecurity company operating across Europe, North America, and Africa. The company provides data encryption, secure cloud storage, and cybersecurity threat intelligence services. [100 MARKS] Recently, DataShield faced a major data breach that exposed sensitive client information, triggering investigations by multiple regulatory bodies, including the General Data Protection Regulation (GDPR) in Europe, the Protection of Personal Information Act (POPIA) in South Africa, and the California Consumer Privacy Act (CCPA) in the U.S. The breach involved unauthorized access to DataShield's cloud infrastructure, resulting in the leak of personal and financial information of thousands of customers. Additionally, some customers have filed lawsuits against the company, alleging negligence in securing their data. DataShield must now navigate complex legal frameworks, mitigate reputational damage, and strengthen its cybersecurity policies to regain client trust. QUESTION 1 (25 Marks) 1.1 Identify the key legal obligations of Data Shield under GDPR, POPIA, and CCPA following the data (10 marks) breach. 1.2 Discuss the possible legal consequences (fines, lawsuits, compliance actions) Data Shield may face (10 marks) as a result of the data breach. 1.3 Propose a response plan to manage legal liabilities and regulatory compliance post-breach. (5 marks) QUESTION 2 (25 Marks) 2.1 Evaluate the weaknesses in Data Shield’s current cybersecurity framework that contributed to the (10 marks) breach. 2.2 Based on the weaknesses identified recommend improvements in data protection policies, encryption (10 marks) methods, and cybersecurity protocols. 2.3 Assess the role of incident response teams and regulatory reporting in mitigating future risks. QUESTION 3 Analyse the challenges multinational corporations face in complying with different data protection laws across jurisdictions. Once analysis is complete, compare GDPR, POPIA, and CCPA in terms of data processing, breach notification, and consumer rights. Propose strategies for harmonizing compliance efforts across multiple regulatory frameworks. QUESTION 4 Discuss the ethical obligations of companies in handling sensitive customer data beyond legal compliance, in addition evaluate the impact of AI-driven data analytics and tracking technologies on privacy rights. Propose ethical guidelines for responsible data collection, storage, and processing. (5 marks) (25 Marks) (25 Marks) END OF PAPER