DBR ON DATA

Security, Privacy and Information Governance

Category: Retail



Cybersecurity and Adware: The FTC’s Settlement with Lenovo

Share

The FTC and 32 state attorneys general announced a settlement with Lenovo Inc., one of the largest computer manufacturers, resolving allegations that Lenovo harmed consumers by pre-loading software on some laptops that compromised security protections in order to deliver ads to consumers.

The FTC’s complaint alleged that in August 2014 Lenovo began selling consumer laptops that came with preinstalled ad-injecting software known as VisualDiscovery, which was developed by Superfish, Inc.  This adware delivered pop-up ads of similar-looking products sold by Superfish’s retail partners whenever a consumer’s cursor hovered over the image of a product on a shopping website. To facilitate its injection of pop-up ads into encrypted https:// websites, Visual Discovery installed a self-signed root certificate in the laptop’s operating system, which caused consumers’ browsers to automatically trust the VisualDiscovery-signed certificates.  Digital certificates are part of the Transport Layer Security protocol that, when properly validated, serve as proof that consumers are communicating with the authentic https:// website and not an imposter.

Continue reading

Logging Your First Information Governance Success

Share

One of the most common questions we hear from organizations about information governance is “How can we get started?”  We often counsel clients that the best way to get started is to look for a quick-win opportunity where information governance can add value.  Even a small project can serve as a catalyst to organically spur and mature information governance.

As part of its ongoing case study series, the Information Governance Initiative (IGI) recently profiled one of the largest retailers and distributors of tires and automobile parts in the United States.  Like most organizations, this company had legacy, digital data in departmental shared drives that it wanted to manage better.

Continue reading

New Jersey Enacts Personal Information and Privacy Protection Act

Share

The New Jersey “Personal Information and Privacy Protection Act” was signed into law on July 21, 2017 by Governor Chris Christie and will be effective November 1, 2017.

The law restricts the way retail establishments may collect and use the personal information contained in the electronic data embedded in identification cards, such as driver’s licenses. The law responds to concerns raised by reports related to how businesses use and store personal information obtained from scanned driver’s licenses.

Continue reading

© 2018 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy