Cybersecurity and Adware: The FTC’s Settlement with Lenovo

Share

The FTC and 32 state attorneys general announced a settlement with Lenovo Inc., one of the largest computer manufacturers, resolving allegations that Lenovo harmed consumers by pre-loading software on some laptops that compromised security protections in order to deliver ads to consumers.

The FTC’s complaint alleged that in August 2014 Lenovo began selling consumer laptops that came with preinstalled ad-injecting software known as VisualDiscovery, which was developed by Superfish, Inc.  This adware delivered pop-up ads of similar-looking products sold by Superfish’s retail partners whenever a consumer’s cursor hovered over the image of a product on a shopping website. To facilitate its injection of pop-up ads into encrypted https:// websites, Visual Discovery installed a self-signed root certificate in the laptop’s operating system, which caused consumers’ browsers to automatically trust the VisualDiscovery-signed certificates.  Digital certificates are part of the Transport Layer Security protocol that, when properly validated, serve as proof that consumers are communicating with the authentic https:// website and not an imposter.

Continue reading “Cybersecurity and Adware: The FTC’s Settlement with Lenovo”

Logging Your First Information Governance Success

Share

This is the first in an occasional series of blog posts providing practical guidance on how to create an information governance program and how successfully to execute on specific information governance projects.

One of the most common questions we hear from organizations about information governance is “How can we get started?”  We often counsel clients that the best way to get started is to look for a quick-win opportunity where information governance can add value.  Even a small project can serve as a catalyst to organically spur and mature information governance.

As part of its ongoing case study series, the Information Governance Initiative (IGI) recently profiled one of the largest retailers and distributors of tires and automobile parts in the United States.  Like most organizations, this company had legacy, digital data in departmental shared drives that it wanted to manage better.

Continue reading “Logging Your First Information Governance Success”

Webinar Series: Preparing for the General Data Protection Regulation (GDPR)

Share

The new General Data Protection Regulation (GDPR) is the EU’s most important change in data privacy regulation in 20 years, replacing the 1995 Data Protection Directive.

In our ongoing series of GDPR-focused webinars, we guide attendees through the (GDPR) provisions, which will take effect on May 25, 2018 for all companies conducting business with EU citizens.

With the deadline for compliance quickly approaching, these sessions provide practical, detailed advice on preparations, as well as developments related to GDPR compliance preparations. We have included links to each of these sessions and a summary of what was covered below.

Continue reading “Webinar Series: Preparing for the General Data Protection Regulation (GDPR)”

Death, Taxes and Cybersecurity

Share

If Ben Franklin were alive today, he would add cybersecurity to his famous quote “…in this world nothing can be said to be certain, except death and taxes.”  Cybersecurity is top of mind in every organization in part because of the recent massive ransomware attacks, new federal and state regulations (including the New York Division of Financial Services’ Cybersecurity Regulation) and the upcoming effective date of the European Union’s General Data Protection Regulation (GDPR).  There is no one-size-fits-all solution for organizations that want to shore up their cybersecurity vulnerabilities, but there are a lot of useful reports and advice from federal government agencies.

Continue reading “Death, Taxes and Cybersecurity”

The Era of “Big Data” and EU/U.S. Divergence for Refusals to Deal

Share

The use of “big data” throughout all levels of the economy has led authorities in both Europe and the United States to begin examining how such data may be used as a commodity and, therefore, how it might regulated.

However, authorities on either side of the Atlantic seem to be offering different approaches on the matter; those in Europe are suggesting that big data should be subject to EU abuse of dominance law, whereas U.S. authorities are resisting the notion of big data as an “essential facility” and are suggesting it be considered as an asset within existing merger review processes.

Continue reading “The Era of “Big Data” and EU/U.S. Divergence for Refusals to Deal”

Delaware Amends Data Breach Notification Law

Share

Delaware recently amended its data breach notification laws through House Bill 180, which now expands the definition of breach and personal information. It is now among 14 states to impose explicit data security obligations on businesses. While revisions to the law are in some ways more stringent, they are also more balanced by including a risk of harm requirement.

Under the amended law, which will go into effect on April 14, 2018, the definition of breach has been expanded to include not only unauthorized acquisition, but also disclosure of electronic or paper files, media, databases or other data.  The law also broadens the scope of personal information to include user name or email address, in combination with a password or security question, and answer medical information, and unique biometric data.

Continue reading “Delaware Amends Data Breach Notification Law”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy