Author: Discerning Data Editorial Board

Cybersecurity and Adware: The FTC’s Settlement with Lenovo

Share

The FTC and 32 state attorneys general announced a settlement with Lenovo Inc., one of the largest computer manufacturers, resolving allegations that Lenovo harmed consumers by pre-loading software on some laptops that compromised security protections in order to deliver ads to consumers.

The FTC’s complaint alleged that in August 2014 Lenovo began selling consumer laptops that came with preinstalled ad-injecting software known as VisualDiscovery, which was developed by Superfish, Inc.  This adware delivered pop-up ads of similar-looking products sold by Superfish’s retail partners whenever a consumer’s cursor hovered over the image of a product on a shopping website. To facilitate its injection of pop-up ads into encrypted https:// websites, Visual Discovery installed a self-signed root certificate in the laptop’s operating system, which caused consumers’ browsers to automatically trust the VisualDiscovery-signed certificates.  Digital certificates are part of the Transport Layer Security protocol that, when properly validated, serve as proof that consumers are communicating with the authentic https:// website and not an imposter.

Continue reading “Cybersecurity and Adware: The FTC’s Settlement with Lenovo”

Death, Taxes and Cybersecurity

Share

If Ben Franklin were alive today, he would add cybersecurity to his famous quote “…in this world nothing can be said to be certain, except death and taxes.”  Cybersecurity is top of mind in every organization in part because of the recent massive ransomware attacks, new federal and state regulations (including the New York Division of Financial Services’ Cybersecurity Regulation) and the upcoming effective date of the European Union’s General Data Protection Regulation (GDPR).  There is no one-size-fits-all solution for organizations that want to shore up their cybersecurity vulnerabilities, but there are a lot of useful reports and advice from federal government agencies.

Continue reading “Death, Taxes and Cybersecurity”

The Era of “Big Data” and EU/U.S. Divergence for Refusals to Deal

Share

The use of “big data” throughout all levels of the economy has led authorities in both Europe and the United States to begin examining how such data may be used as a commodity and, therefore, how it might regulated.

However, authorities on either side of the Atlantic seem to be offering different approaches on the matter; those in Europe are suggesting that big data should be subject to EU abuse of dominance law, whereas U.S. authorities are resisting the notion of big data as an “essential facility” and are suggesting it be considered as an asset within existing merger review processes.

Continue reading “The Era of “Big Data” and EU/U.S. Divergence for Refusals to Deal”

Delaware Amends Data Breach Notification Law

Share

Delaware recently amended its data breach notification laws through House Bill 180, which now expands the definition of breach and personal information. It is now among 14 states to impose explicit data security obligations on businesses. While revisions to the law are in some ways more stringent, they are also more balanced by including a risk of harm requirement.

Under the amended law, which will go into effect on April 14, 2018, the definition of breach has been expanded to include not only unauthorized acquisition, but also disclosure of electronic or paper files, media, databases or other data.  The law also broadens the scope of personal information to include user name or email address, in combination with a password or security question, and answer medical information, and unique biometric data.

Continue reading “Delaware Amends Data Breach Notification Law”

Recordkeeping Corner: All About Those Presidential Tweets & Self-Destructing Messages

Share

President Trump’s first tweet in office was sent within an hour of his inauguration on January 20, 2017, and it has been followed by hundreds of tweets from both @POTUS and @realDonaldTrump.   Are his tweets considered presidential records to be preserved permanently by the National Archives and Records Administration at a future Trump presidential library?   What is the record status of his deleted tweets?  And what is the record status of other state-of-the-art communications like Confide and Signal, which are designed to self-destruct like the message on the tape in “Mission: Impossible?

Continue reading “Recordkeeping Corner: All About Those Presidential Tweets & Self-Destructing Messages”

“Do What You Say and Say What You Do” — The FTC’s Settlement with Uber

Share
  • Settlement reaffirms the importance for companies to deliver on to the privacy and security promises made to consumers
  • Settlement is yet another reminder of one of the most important components of good data security – controlling access to sensitive information.

The Federal Trade Commission (“FTC”) announced, subject final approval after a 30-day comment period, a consent order with Uber Technologies (“Uber”) settling allegations that Uber misrepresented the extent to which it monitored its employees’ access to personal information about users and drivers and that it took reasonable steps to secure such information.  The consent agreement does not contain monetary penalties, but does prohibit Uber from misrepresenting its privacy and security practices and requires that Uber establish a comprehensive privacy program that includes an independent third-party audit every two years for the next 20 years. The FTC’s complaint highlights practices that the FTC finds fail to provide reasonable security when utilizing the services of a third-party could storage service, Amazon Web Services (“AWS”).

Continue reading ““Do What You Say and Say What You Do” — The FTC’s Settlement with Uber”

©2025 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy