no references needed. Part 1 and Part 2 need 100 words each
Part 1 The Ski Granby Ranch is a sophisticated, flourishing ski resort with more than 1,500 homes, 1,100 time-shares, and a multi-million-dollar ski business. Guests visiting the resort can enjoy the indoor/outdoor water park, play golf on one of the two 18-hole championship golf courses, ski, snowboard, or snow tube in the winter on 14 trails that are all lighted for night skiing, or relax at the full-service spa. There are also three dining rooms, card rooms, nightly movies, and live weekend entertainment. The resort uses a computerized system to make room reservations and bill customers. Following standard policy for the industry, the resort also offers authorized travel agents a 10 percent commission on room bookings. Each week, the resort prints an exception report of bookings made by unrecognized travel agents. However, the managers usually pay the commissions anyway, partly because they don’t want to anger the travel agencies and partly because the computer file that maintains the list of authorized agents is not kept up-to-date. Although management has not discovered it, several employees are exploiting these circumstances. As often as possible, they call the resort from outside phones, pose as travel agents, book rooms for friends and relatives, and collect the commissions. The incentive is obvious: rooms costing as little as $100 per day result in payments of $10 per day to the “travel agencies” that book them. The scam has been going on for years, and several guests now book their rooms exclusively through these employees, finding these people particularly courteous and helpful. 1. Do you believe this is a computer crime? Why or why not? 2. Can this be considered as fraud? Why or why not? 3. What internal controls would you recommend that would enable the resort’s managers to prevent such offenses? Part 2 From the viewpoint of the customer, what are the advantages and disadvantages to the opt-in versus the opt-out approaches to collecting personal information? From the viewpoint of the organization desiring to collect such information? Upon your request (with proper verification of your identity) should organizations be required to delete personal information about you that they possess? Explain in detail.