White House Issues ATC Report and Seeks Comments on IT Implementation Plan

Share

On August 30, the Trump administration unveiled an ambitious plan to upgrade the federal government’s cyberdefenses by shifting digital functions to the cloud and prioritizing security upgrades for the government’s most important systems.  In this plan, which in many ways continues the cyberefforts of the Obama administration, the White House’s American Technology Council (ATC) justified this large-scale approach due to what it characterized as the federal government’s longstanding less-than-adequate cyberefforts in the face of years of mounting digital threats.

The plan, grounded in the President’s May 2017 Executive Order (EO) 13,800,   tasked  the Director of the ATC to coordinate the preparation of a report to the President from the Secretary of the Department of Homeland Security (DHS), the Director of the Office of Management and Budget (OMB), and the Administrator of the General Services Administration (GSA), in consultation with the Secretary of Commerce (Commerce), regarding the modernization of Federal Information Technology (IT).  In accordance with EO 13,800, a draft IT Modernization report was submitted to the President last week.

Continue reading “White House Issues ATC Report and Seeks Comments on IT Implementation Plan”

HHS-OCR’s Response to Hurricanes Harvey and Irma

Share

HHS-OCR issued a limited waiver of HIPAA Sanctions and Penalties Notice for both Hurricane Harvey and Hurricane Irma. In late August and early September, Secretary Price declared Public Health Emergencies in Texas, Louisiana, Puerto Rico, the U.S. Virgin Islands, and Florida and President Trump shortly followed suit with emergency declarations for both hurricanes, as well. Since both President Trump and Secretary Price declared an emergency for Hurricane Harvey and Hurricane Irma, the Secretary of HHS may waive sanctions and penalties against a covered hospital that does not comply with certain provisions of the HIPAA Privacy Rule.

Continue reading “HHS-OCR’s Response to Hurricanes Harvey and Irma”

Online Tax Preparation Service Settles with FTC for GLBA Violations

Share

The FTC reached a settlement  with online tax preparation service TaxSlayer Online for allegedly violating the Gramm Leach Bliley Act’s (“GLBA”) Privacy Rule and Regulation P as well as the Safeguards Rule.

The Privacy Rule/Regulation P requires financial institutions to provide initial and annual notices to their customers informing them about what nonpublic personal information is shared with third parties. It also provides information about how consumers can opt out of certain information sharing.  Both the FTC and the Consumer Financial Protection Bureau enforce the Privacy Rule.

The Safeguards Rule requires financial institutions to use reasonable procedures to safeguard their customers’ nonpublic information. The FTC enforces the Safeguards Rule.

Continue reading “Online Tax Preparation Service Settles with FTC for GLBA Violations”

Cybersecurity and Adware: The FTC’s Settlement with Lenovo

Share

The FTC and 32 state attorneys general announced a settlement with Lenovo Inc., one of the largest computer manufacturers, resolving allegations that Lenovo harmed consumers by pre-loading software on some laptops that compromised security protections in order to deliver ads to consumers.

The FTC’s complaint alleged that in August 2014 Lenovo began selling consumer laptops that came with preinstalled ad-injecting software known as VisualDiscovery, which was developed by Superfish, Inc.  This adware delivered pop-up ads of similar-looking products sold by Superfish’s retail partners whenever a consumer’s cursor hovered over the image of a product on a shopping website. To facilitate its injection of pop-up ads into encrypted https:// websites, Visual Discovery installed a self-signed root certificate in the laptop’s operating system, which caused consumers’ browsers to automatically trust the VisualDiscovery-signed certificates.  Digital certificates are part of the Transport Layer Security protocol that, when properly validated, serve as proof that consumers are communicating with the authentic https:// website and not an imposter.

Continue reading “Cybersecurity and Adware: The FTC’s Settlement with Lenovo”

Logging Your First Information Governance Success

Share

This is the first in an occasional series of blog posts providing practical guidance on how to create an information governance program and how successfully to execute on specific information governance projects.

One of the most common questions we hear from organizations about information governance is “How can we get started?”  We often counsel clients that the best way to get started is to look for a quick-win opportunity where information governance can add value.  Even a small project can serve as a catalyst to organically spur and mature information governance.

As part of its ongoing case study series, the Information Governance Initiative (IGI) recently profiled one of the largest retailers and distributors of tires and automobile parts in the United States.  Like most organizations, this company had legacy, digital data in departmental shared drives that it wanted to manage better.

Continue reading “Logging Your First Information Governance Success”

Webinar Series: Preparing for the General Data Protection Regulation (GDPR)

Share

The new General Data Protection Regulation (GDPR) is the EU’s most important change in data privacy regulation in 20 years, replacing the 1995 Data Protection Directive.

In our ongoing series of GDPR-focused webinars, we guide attendees through the (GDPR) provisions, which will take effect on May 25, 2018 for all companies conducting business with EU citizens.

With the deadline for compliance quickly approaching, these sessions provide practical, detailed advice on preparations, as well as developments related to GDPR compliance preparations. We have included links to each of these sessions and a summary of what was covered below.

Continue reading “Webinar Series: Preparing for the General Data Protection Regulation (GDPR)”

©2025 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy