30-Day Notice; Agency Information Collection Activities: Proposed Collection; Comment Request, 68629-68630 [E6-19741]
Federal Register / Vol. 71, No. 227 / Monday, November 27, 2006 / Notices
appropriate action or make final the
agreement’s proposed order.
Guidance sells software and related
training, materials, and services that
customers use to, among other things,
investigate and respond to computer
breaches and other security incidents. In
selling its products and services,
Guidance routinely collected sensitive
personal information from customers,
including name, address, e-mail
address, telephone number, and, for
customers paying with a credit card, the
card number, expiration date, and
security code number. It collected this
information through its website, sales
representatives, and telephone and fax
orders and stored the information on its
computer network. This matter concerns
alleged false or misleading
representations Guidance made about
the security it provided for this
information.
The Commission’s proposed
complaint alleges that Guidance
represented that it implemented
reasonable and appropriate security
measures to protect the privacy and
confidentiality of personal information.
The complaint alleges this
representation was false because
Guidance engaged in a number of
practices that, taken together, failed to
provide reasonable and appropriate
security for sensitive personal
information stored on its computer
network. In particular, although it
employed SSL encryption, Guidance: (1)
Stored the information in clear readable
text; (2) did not adequately assess the
vulnerability of its web application and
network to certain commonly known or
reasonably foreseeable attacks, such as
‘‘Structured Query Language’’ (or
‘‘SQL’’) injection attacks; (3) did not
implement simple, low-cost, and readily
available defenses to such attacks; (4)
stored in clear readable text network
user credentials that facilitate access to
sensitive personal information on the
network; (5) did not use readily
available security measures to monitor
and control connections from the
network to the Internet; and (6) failed to
employ sufficient measures to detect
unauthorized access to sensitive
personal information.
The complaint further alleges that
beginning in September 2005 and
continuing through December 7, 2005, a
hacker exploited these vulnerabilities by
using SQL injection attacks on
Guidance’s Web site and web
application to install common hacking
programs on Guidance’s computer
network. The hacking programs were
used to find sensitive personal
information, including credit card
numbers, expiration dates, and security
code numbers, stored on the network
and to transmit the information over the
Internet to computers outside the
network. As a result, the hacker
obtained unauthorized access to
information for thousands of credit
cards.
The proposed order applies to
personal information Guidance obtains
from consumers. It contains provisions
designed to prevent Guidance from
engaging in the future in practices
similar to those alleged in the
complaint.
Part I of the proposed order prohibits
Guidance, in connection with the online
advertising, marketing, promotion,
offering for sale, or sale of any product
or service, from misrepresenting the
extent to which it maintains and
protects the privacy, confidentiality, or
security of any personal information
collected from or about consumers.
Part II of the proposed order requires
Guidance to establish and maintain a
comprehensive information security
program in writing that is reasonably
designed to protect the security,
confidentiality, and integrity of personal
information collected from or about
consumers. The security program must
contain administrative, technical, and
physical safeguards appropriate to
Guidance’s size and complexity, the
nature and scope of its activities, and
the sensitivity of the personal
information collected from or about
consumers. Specifically, the order
requires Guidance to:
Designate an employee or employees
to coordinate and be accountable for the
information security program.
Identify material internal and external
risks to the security, confidentiality, and
integrity of customer information that
could result in the unauthorized
disclosure, misuse, loss, alteration,
destruction, or other compromise of
such information, and assess the
sufficiency of any safeguards in place to
control these risks.
Design and implement reasonable
safeguards to control the risks identified
through risk assessment, and regularly
test or monitor the effectiveness of the
safeguards’ key controls, systems, and
procedures.
Develop and use reasonable steps to
retain service providers capable of
appropriately safeguarding personal
information they receive from Guidance,
require service providers by contract to
implement and maintain appropriate
safeguards, and monitor their
safeguarding of personal information.
Evaluate and adjust its information
security program in light of the results
of testing and monitoring, any material
changes to its operations or business
arrangements, or any other
circumstances that it knows or has
reason to know may have material
impact on its information security
program.
Part III of the proposed order requires
that Guidance obtain within 180 days,
and on a biennial basis thereafter for a
period of ten (10) years, an assessment
and report from a qualified, objective,
independent third-party professional,
certifying, among other things, that: (1)
It has in place a security program that
provides protections that meet or exceed
the protections required by Part II of the
proposed order; and (2) its security
program is operating with sufficient
effectiveness to provide reasonable
assurance that the security,
confidentiality, and integrity of
consumers’ personal information has
been protected.
Parts IV through VIII of the proposed
order are reporting and compliance
provisions. Part IV requires Guidance to
retain documents relating to its
compliance with the order. For most
records, the order requires that the
documents be retained for a five-year
period. For the third-party assessments
and supporting documents, Guidance
must retain the documents for a period
of three years after the date that each
assessment is prepared. Part V requires
dissemination of the order now and in
the future to persons with
responsibilities relating to the subject
matter of the order. Part VI ensures
notification to the FTC of changes in
corporate status. Part VII mandates that
Guidance submit compliance reports to
the FTC. Part VIII is a provision
‘‘sunsetting’’ the order after twenty (20)
years, with certain exceptions.
The purpose of this analysis is to
facilitate public comment on the
proposed order. It is not intended to
constitute an official interpretation of
the proposed order or to modify its
terms in any way.
By direction of the Commission.
Donald S. Clark,
Secretary.
[FR Doc. E6–19965 Filed 11–24–06; 8:45 am]
BILLING CODE 6750–01–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Office of the Secretary
[Document Identifier: OS–0990–0001]
30-Day Notice; Agency Information
Collection Activities: Proposed
Collection; Comment Request
AGENCY: Office of the Secretary, HHS.
In compliance with the requirement
of section 3506(c)(2)(A) of the
Paperwork Reduction Act of 1995, the
Office of the Secretary (OS), Department
of Health and Human Services, is
publishing the following summary of a
proposed collection for public
comment. Interested persons are invited
to send comments regarding this burden
estimate or any other aspect of this
collection of information, including any
of the following subjects: (1) The
necessity and utility of the proposed
information collection for the proper
performance of the agency’s functions;
(2) the accuracy of the estimated
burden; (3) ways to enhance the quality,
utility, and clarity of the information to
be collected; and (4) the use of
automated collection techniques or
other forms of information technology to
minimize the information collection
burden.
Type of Information Collection
Request: Extension.
Title of Information Collection:
Application for Waiver of the 2-Year
Foreign Residence Requirement of the
Exchange Visitor Program.
Form/OMB No.: OS–0990–0001.
Use: The information requested by
this form and supplementary
information sheets is used by this
Department to make a determination, in
accordance with its published
regulations, as to whether or not to
request from the Department of State, a
waiver of the two-year foreign residence
requirement for applicants in the United
States on a J–1 visa.
Frequency: Reporting Single time.
Affected Public: Not-for-profit
institutions.
Annual Number of Respondents: 250.
Total Annual Responses: 250.
Average Burden Per Response: 10 hrs.
Total Annual Hours: 2500.
To obtain copies of the supporting
statement and any related forms for the
proposed paperwork collections
referenced above, e-mail your request,
including your address, phone number,
OMB number, and OS document
identifier, to
Sherette.funncoleman@hhs.gov, or call
the Reports Clearance Office on (202)
690–6162. Written comments and
recommendations for the proposed
information collections must be
received within 30 days of this notice
directly to the Desk Officer at the
address below:
OMB Desk Officer: John Kraemer,
OMB Human Resources and Housing
Branch, Attention: (OMB #0990–0001),
New Executive Office Building, Room
10235, Washington DC 20503.
Dated: November 14, 2006.
Alice Bettencourt,
Office of the Secretary, Paperwork Reduction
Act Reports Clearance Officer.
[FR Doc. E6–19741 Filed 11–22–06; 8:45 am]
BILLING CODE 4150–38–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Office of the Secretary
[Document Identifier: OS–0990–0000]
30-Day Notice; Agency Information
Collection Activities: Proposed
Collection; Comment Request
AGENCY: Office of the Secretary, HHS.
In compliance with the requirement
of section 3506(c)(2)(A) of the
Paperwork Reduction Act of 1995, the
Office of the Secretary (OS), Department
of Health and Human Services, is
publishing the following summary of a
proposed collection for public
comment. Interested persons are invited
to send comments regarding this burden
estimate or any other aspect of this
collection of information, including any
of the following subjects: (1) The
necessity and utility of the proposed
information collection for the proper
performance of the agency’s functions;
(2) the accuracy of the estimated
burden; (3) ways to enhance the quality,
utility, and clarity of the information to
be collected; and (4) the use of
automated collection techniques or
other forms of information technology to
minimize the information collection
burden.
Type of Information Collection
Request: New collection.
Title of Information Collection:
Oklahoma Marriage Initiative Process
Evaluation.
Form/OMB No.: OS–0990–New.
Use: This data collection will support
the HHS effort to document
implementation lessons from the
Oklahoma Marriage Initiative. Since the
Oklahoma Marriage Initiative is the
largest and most longstanding
intervention of its kind, this evaluation
will fill a gap in our understanding of
the implications of implementation
decisions in marriage programming.
Information will be collected through
structured interviews and focus groups
with program developers, practitioners,
and participants.
Frequency: Reporting single time.
Affected Public: State, Local or Tribal
Government.
Annual Number of Respondents: 260.
Total Annual Responses: 260.
Average Burden Per Response: 1.5
hrs.
Total Annual Hours: 390.
To obtain copies of the supporting
statement and any related forms for the
proposed paperwork collections
referenced above, e-mail your request,
including your address, phone number,
OMB number, and OS document
identifier, to
Sherette.funncoleman@hhs.gov, or call
the Reports Clearance Office on (202)
690–6162. Written comments and
recommendations for the proposed
information collections must be
received within 30 days of this notice
directly to the Desk Officer at the
address below:
OMB Desk Officer: John Kraemer,
OMB Human Resources and Housing
Branch, Attention: (OMB #0990–New),
New Executive Office Building, Room
10235, Washington DC 20503.
Dated: November 14, 2006.
Alice Bettencourt,
Office of the Secretary, Paperwork Reduction
Act Reports Clearance Officer.
[FR Doc. E6–19743 Filed 11–22–06; 8:45 am]
BILLING CODE 4151–05–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Centers for Disease Control and
Prevention
Disease, Disability, and Injury
Prevention and Control Special
Emphasis Panel: Assessment of
Proposed Revisions to the Youth
Tobacco Survey: Impact on Measures
of Youth Tobacco Use, Request for
Application Number (RFA) DP07–001
Notice of Cancellation: This notice
was published in the Federal Register
on November 15, 2006, Volume 71,
Number 220, page 66534. The meeting
previously scheduled to convene on
December 12, 2006 has been cancelled.
Contact Person for more Information:
Brenda Colley Gilbert, Acting Director,
Office of Extramural Research, National
Center for Chronic Disease Prevention
and Health Promotion, Centers for
Disease Control and Prevention, 4770
Buford Highway, NE., MS K–92,
Atlanta, GA 30341, Telephone
770.488.8390.
The Director, Management Analysis
and Services Office, has been delegated
the authority to sign Federal Register
notices pertaining to announcements of
meetings and other committee
management activities, for both CDC
and the Agency for Toxic Substances
and Disease Registry.
[Federal Register Volume 71, Number 227 (Monday, November 27, 2006)]
[Notices]
[Pages 68629-68630]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E6-19741]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of the Secretary
[Document Identifier: OS-0990-0001]
30-Day Notice; Agency Information Collection Activities: Proposed
Collection; Comment Request
Agency: Office of the Secretary, HHS.
[[Page 68630]]
In compliance with the requirement of section 3506(c)(2)(A) of the
Paperwork Reduction Act of 1995, the Office of the Secretary (OS),
Department of Health and Human Services, is publishing the following
summary of a proposed collection for public comment. Interested persons
are invited to send comments regarding this burden estimate or any
other aspect of this collection of information, including any of the
following subjects: (1) The necessity and utility of the proposed
information collection for the proper performance of the agency's
functions; (2) the accuracy of the estimated burden; (3) ways to
enhance the quality, utility, and clarity of the information to be
collected; and (4) the use of automated collection techniques or other
forms of information technology to minimize the information collection
burden.
Type of Information Collection Request: Extension.
Title of Information Collection: Application for Waiver of the 2-
Year Foreign Residence Requirement of the Exchange Visitor Program.
Form/OMB No.: OS-0990-0001.
Use: The information requested by this form and supplementary
information sheets is used by this Department to make a determination,
in accordance with its published regulations, as to whether or not to
request from the Department of State, a waiver of the two-year foreign
residence requirement for applicants in the United States on a J-1
visa.
Frequency: Reporting Single time.
Affected Public: Not-for-profit institutions.
Annual Number of Respondents: 250.
Total Annual Responses: 250.
Average Burden Per Response: 10 hrs.
Total Annual Hours: 2500.
To obtain copies of the supporting statement and any related forms
for the proposed paperwork collections referenced above, e-mail your
request, including your address, phone number, OMB number, and OS
document identifier, to Sherette.funncoleman@hhs.gov, or call the
Reports Clearance Office on (202) 690-6162. Written comments and
recommendations for the proposed information collections must be
received within 30 days of this notice directly to the Desk Officer at
the address below:
OMB Desk Officer: John Kraemer, OMB Human Resources and Housing
Branch, Attention: (OMB 0990-0001), New Executive Office
Building, Room 10235, Washington DC 20503.
Dated: November 14, 2006.
Alice Bettencourt,
Office of the Secretary, Paperwork Reduction Act Reports Clearance
Officer.
[FR Doc. E6-19741 Filed 11-22-06; 8:45 am]
BILLING CODE 4150-38-P