GAO Report on Connected Vehicles Calls for NHTSA to Define and Document its Role in Vehicle Data Privacy

Share

It’s not news that various branches of the federal government have been studying a range of privacy and consumer safety issues that arise with ever more connected vehicles.  What is new is the Government Accounting Office (GAO)’s report to the House Subcommittee on Research and Technology, Committee on Science, Space and Technology about how current passenger vehicle manufacturers address the many privacy issues that arise with connected vehicle use.

GAO interviewed industry associations and organizations that work on privacy issues and also interviewed 16 automakers that were selected based on their U.S. passenger vehicle sales.  GAO reviewed the written privacy policies of the automakers against a set of leading privacy practices and issued a report, Vehicle Data Privacy:  Industry and Federal Efforts Under Way but NHTSA Needs to Define its Role, on August 28, 2017.

Continue reading “GAO Report on Connected Vehicles Calls for NHTSA to Define and Document its Role in Vehicle Data Privacy”

The FTC’s First Privacy Shield Enforcement Actions

Share

Three U.S. companies have entered into consent agreements with the Federal Trade Commission (FTC) for allegedly misrepresenting their participation in the European Union-United States Privacy Shield framework. These are the FTC’s first actions to enforce the EU-US Privacy Shield framework that was put in place in 2016 to replace the US-EU Safe Harbor framework.

Continue reading “The FTC’s First Privacy Shield Enforcement Actions”

Pending IoT Legislation Would Impose Significant Obligations on Manufacturers

Share

With the House and Senate returning to Washington in September, two recently-introduced Senate bills seek to address perceived vulnerabilities in the security of Internet of Things (IoT) devices sold to the federal government and medical devices which regularly connect to the Internet.

Among the key takeaways in the legislation:

  • Legislation covers both products sold to the federal government and medical devices;
  • Legislation addresses “life of device” obligations of IoT device manufacturers;
  • Disclosure and Certification Requirements could create additional liability for manufacturers of Internet of Things devices.

Continue reading “Pending IoT Legislation Would Impose Significant Obligations on Manufacturers”

White House Issues ATC Report and Seeks Comments on IT Implementation Plan

Share

On August 30, the Trump administration unveiled an ambitious plan to upgrade the federal government’s cyberdefenses by shifting digital functions to the cloud and prioritizing security upgrades for the government’s most important systems.  In this plan, which in many ways continues the cyberefforts of the Obama administration, the White House’s American Technology Council (ATC) justified this large-scale approach due to what it characterized as the federal government’s longstanding less-than-adequate cyberefforts in the face of years of mounting digital threats.

The plan, grounded in the President’s May 2017 Executive Order (EO) 13,800,   tasked  the Director of the ATC to coordinate the preparation of a report to the President from the Secretary of the Department of Homeland Security (DHS), the Director of the Office of Management and Budget (OMB), and the Administrator of the General Services Administration (GSA), in consultation with the Secretary of Commerce (Commerce), regarding the modernization of Federal Information Technology (IT).  In accordance with EO 13,800, a draft IT Modernization report was submitted to the President last week.

Continue reading “White House Issues ATC Report and Seeks Comments on IT Implementation Plan”

HHS-OCR’s Response to Hurricanes Harvey and Irma

Share

HHS-OCR issued a limited waiver of HIPAA Sanctions and Penalties Notice for both Hurricane Harvey and Hurricane Irma. In late August and early September, Secretary Price declared Public Health Emergencies in Texas, Louisiana, Puerto Rico, the U.S. Virgin Islands, and Florida and President Trump shortly followed suit with emergency declarations for both hurricanes, as well. Since both President Trump and Secretary Price declared an emergency for Hurricane Harvey and Hurricane Irma, the Secretary of HHS may waive sanctions and penalties against a covered hospital that does not comply with certain provisions of the HIPAA Privacy Rule.

Continue reading “HHS-OCR’s Response to Hurricanes Harvey and Irma”

Online Tax Preparation Service Settles with FTC for GLBA Violations

Share

The FTC reached a settlement  with online tax preparation service TaxSlayer Online for allegedly violating the Gramm Leach Bliley Act’s (“GLBA”) Privacy Rule and Regulation P as well as the Safeguards Rule.

The Privacy Rule/Regulation P requires financial institutions to provide initial and annual notices to their customers informing them about what nonpublic personal information is shared with third parties. It also provides information about how consumers can opt out of certain information sharing.  Both the FTC and the Consumer Financial Protection Bureau enforce the Privacy Rule.

The Safeguards Rule requires financial institutions to use reasonable procedures to safeguard their customers’ nonpublic information. The FTC enforces the Safeguards Rule.

Continue reading “Online Tax Preparation Service Settles with FTC for GLBA Violations”

©2025 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy