Information Technology Legal Analysis

Part A

The Computer Fraud and Abuse Act of 1986 criminalizes, at the federal level, accessing a computer system without authorization to obtain information, especially financial data. Congress defines such access, made to defraud an organization or agency or to conspire to do so, as a federal crime (Congress, 2022). This is evident in the TechFite case study: the audit found a Metasploit tool on several computers and some dummy user accounts in the BI Unit accessing groups and units within TechFite without proper authority.

Additionally, the access violates the Electronic Communications Privacy Act of 1986, which prohibits unauthorized access to wire, oral, or electronic communication as it is processed in an organization (Johnson, 2016). The audit found that information stored on the hard drives of some computers was compromised and, even more disturbing, that some emails containing company information were sent to non-TechFite clients.


TechFite should face legal action based on its alarming rate of cyber negligence. For instance, the company should uphold best-practice data protection measures, as the Pennsylvania Supreme Court ruled in Dittman v. UPMC (2018). Another such case is Enslin v. The Coca-Cola Company (2015), where the court for the Eastern District of Pennsylvania found the Coca-Cola Company liable for negligence in protecting its data and computing systems. Most remarkable is the Privacy Act of 1974, which in part requires an organization to enact a code of fair information practices that governs the maintenance of information, to prevent the breach of data records or their disclosure to unauthorized parties.

In that connection, the Sarbanes–Oxley Act of 2002, a federal law, requires that all companies implement anti-fraud measures. One such measure is the implementation of rules that enhance audits to provide proof of accuracy, especially on financial matters (Legal Information Institute, 2022). This applies to TechFite since the companies declare protection of clients’ data, as seen in the clients signing a nondisclosure agreement (NDA) with Orange Leaf and Union City Electronic Ventures.

Part B

The audit finds important evidence that TechFite's information systems and data management are compromised, leading to the alleged criminal activity. For instance, its computers and systems have been penetrated, and anonymous accounts actively steal information and send it outside the company. This is reasonably how sensitive information belonging to Orange Leaf and Union City Electronic Ventures was leaked to their competitors. This malicious activity must have been conducted by staff in the BI Unit, with high suspicion on the senior analyst, where escalation of privilege has occurred on unidentified user accounts. Unfortunately, the company has failed to implement audits of user accounts, conduct vulnerability scans, employ a Chinese wall methodology, and oversee the BI Unit. These are preliminary strategies for ensuring data security and conforming to data protection and privacy laws.

The case study provides information that shows the management is to blame. The management is responsible for implementing laws and organizational policies that ensure best practices and adherence to data protection and privacy laws. As such, the victims are its potential clients, such as Orange Leaf and Union City Electronic Ventures, and the company itself, since its vulnerability is escalated. There is an evident lack of coverage of the critical issue of safeguarding and protecting clients’ information, despite the USA’s heightened state of cybercrime activities. The lack of an audit system for computer systems, the failure to scan computers and computer systems for vulnerabilities, and the failure to have an oversight board for the BI Unit amount to negligence, which has led to the whole mess of data management and consequent litigation.

Part C

Investigation of the alleged misconduct shows that TechFite's data management is indeed compromised, and the company is likely to face litigation on legal compliance. The audit of company data systems and management indicates that computers are infected, company computer systems are penetrated, and there is an active information leak from the BI Unit to unidentified user accounts. These are the main issues that could be mitigated. However, the company has failed to audit user accounts, conduct vulnerability scans on computer systems, employ a Chinese wall methodology, oversee the BI Unit, and cover the critical issue of safeguarding and protecting clients’ information.


Congress. (2022). S.2864 – Computer Fraud and Abuse Act of 1984. Retrieved 13 April 2022, from

Johnson, L. (2016). Statutory and Regulatory GRC. Security Controls Evaluation, Testing, And Assessment Handbook, 11-33.

Legal Information Institute. (2022). Sarbanes-Oxley Act. LII / Legal Information Institute. Retrieved 13 April 2022, from