An aircraft manufacturing company located in California, with contacts in the U.S. government, had a data breach. Data stolen included employee records containing employee names, addresses, social security numbers, and bank account numbers. It also included current aircraft blueprints. It was determined that the breach occurred due to an open remote access computer an employee set up with a simple password, for ease of working from home.
After reviewing the scenario, list the laws that impact this data breach. Describe the steps the company has to take in order to comply with the identified laws. Also, describe the IT controls the company needs to set up for information security in order to prevent a similar breach in the future.
You must cite examples from state breach notification laws and FISMA.