MilConsumer Blog Feed

The Hart Scott Rodino (HSR) Act and Rules require that parties to certain mergers and acquisitions submit premerger notification filings and wait before consummating the transaction. Parties must often balance the HSR filing requirement with a number of other regulatory requirements, as well as any conditions to closing. When planning an acquisition or merger, practitioners should pay attention to the specific timing parameters in the HSR Act, 15...

If you or your clients are in the tax preparation field, there are three letters you should focus on. OK, I-R-S may be the first thing on your mind. But as the FTC’s proposed settlement with TaxSlayer suggests, don’t forget those other important letters: G-L-B. Under the Gramm-Leach-Bliley Act, “financial institutions” – more on what that means in a moment – must comply with the Privacy Rule and the Safeguards Rule. The Privacy Rule requires...

Who’s coming in and what’s going out? Businesses that want to stick with security build commonsense monitoring into their brick-and-mortar operations. Whether it’s a key card reader at the door or a burglar alarm activated at night, careful companies keep an eye on entrances and exits. Your computer systems deserve the same kind of watchful attention, which is why Start with Security advises you to segment your network and monitor who’s trying to...

According to the “Mad Men” stereotype, you could spot an old-school advertising agency executive by the tailored wardrobe and expense account lunch. A lot has changed in the ad game, but two truths remain: 1) More than 50 years of FTC cases establish that ad agencies may be liable for their role in deceptive campaigns; and 2) Companies that may not describe themselves as “ad agencies” may still be held responsible for illegal acts or practices...

You’ve heard about Newton’s laws regarding bodies at rest and bodies in motion. A 21st century corollary is to protect sensitive information when it’s at rest on your network and implement effective safeguards when it’s in motion – for example, when a customer transfers confidential data from their computer to your system. Careful companies take the advice of Start with Security by storing sensitive personal information securely and protecting it...

How much information does Uber have about its riders and drivers? A lot. The FTC just announced a settlement addressing charges that the company falsely claimed to closely monitor internal access to consumers’ personal information on an ongoing basis. The FTC also alleges that Uber failed to live up to its promise to provide reasonable security for consumer data. Uber collects and maintains sensitive information about its riders – for example...

To make it harder for hackers to bluff their way onto a computer network, careful companies follow the advice of Start with Security and require strong authentication practices. We’ve considered FTC settlements, closed investigations, and the questions we get from businesses about implementing good authentication “hygiene.” Here are some tips on using effective authentication procedures to help safeguard your network. Insist on long, complex, and...

You’ve conducted an information “census” to identify and locate the confidential data in your company’s possession. Then you determined what you need to hold on to for business purposes. What’s the next step? According to Start with Security, it’s time to put limits in place to control access to data sensibly. It’s not a novel concept. You have a lock on the door to prevent after-hours access to your business and people can’t just stroll onto...

When it comes to data security, what’s reasonable will depend on the size and nature of your business and the kind of data you deal with. But certain principles apply across the board: Don’t collect sensitive information you don’t need. Protect the information you maintain. And train your staff to carry out your policies. The FTC’s Start with Security initiative was built on those fundamentals. As we mentioned in last week’s introductory post, we...

Savvy business people are on the lookout for ways to minimize their companies’ risk of a data breach. Many businesses consult the FTC’s complaints and orders, each of which includes a detailed description of the conduct alleged to have violated the FTC Act. Perhaps it was a broken promise about the care the company said it would take when handling consumers’ sensitive data. In other cases, it might be a pattern of failures which, when taken...