European Central Bank announces data breach
The European Central Bank announced unauthorized parties breached the security measures protecting its Banks’ Integrated Reporting Dictionary (BIRD) website, which is hosted by an external provider.
Capital One hacker may have targeted dozens more
It appears Capital One may be just one in a long list of companies and organizations to be victimized by what now appears to be the inner workings of a serial hacker, in what the Department of Justice is calling one of “the largest cyber intrusions and data thefts in ...
Data privacy vs. national security: Moving the conversation forward
Data privacy compliance and national security seem to be in opposition—with one coming at the expense of the other. It’s time to instead focus the conversation on identifying opportunities for the private sector and government to collaborate.
How GDPR, CCPA impact healthcare compliance
While most healthcare organizations have pretty much nailed down their data privacy requirements for HIPAA and HITECH, new privacy mandates under the GDPR and CCPA could throw a wrench into the system.
Facebook loses appeal, faces costly privacy class action
The ruling of a federal appeals court has Facebook once again at risk of facing fines north of $1 billion for alleged misuse of users’ biometric data.
Facebook, Libra questioned by global data leaders
Data privacy leaders from the United States, United Kingdom, European Union, and Canada are among a group to come together and voice their concerns over Facebook’s planned venture into the cryptocurrency space with Libra.
White paper: Workforce Optimization and Data Privacy Compliance
With at least five regulations already in place and the California Consumer Privacy Act (CCPA) on the horizon, it is time to start thinking ahead to ensure your organization can meet many different compliance requirements.
Capital One announces massive data breach
Capital One Financial announced a hacker obtained the personal information of approximately 100 million individuals in the United States and approximately six million individuals in Canada.
EU assessment: GDPR showing results, but ‘work needs to continue’
The EU’s tough new data rules are “bearing fruit,” but some member states have still not put GDPR into law, and only 20 percent of EU citizens seem aware of which public authority is responsible for protecting their personal information.
Facebook settlement was barely worth waiting for
The compliance aspects of what will be expected of Facebook going forward were fair enough, but a lack of personal liability has us questioning the settlement.
The Facebook Effect: ‘Price of privacy violations just went up’
The FTC hit Facebook with a ground-breaking $5 billion penalty for privacy violations, but the bigger takeaway for CCOs is the unprecedented new privacy and corporate governance obligations the company must implement.
Facebook to pay $100M for misleading disclosures
In addition to its record-breaking FTC fine, Facebook on Wednesday reached a $100 million settlement with the SEC for making misleading disclosures regarding the risk of misuse of its user data.
Lesson from Equifax penalty (at least $575M): Breach ‘entirely preventable’
What resulted in the largest-ever breach of consumer data culminated in the largest data breach enforcement action in history.
What we can learn from the biggest GDPR fines so far
Recent record-breaking fines for GDPR violations levied on British Airways and Marriott by the U.K. Information Commissioner’s Office offer a glimpse into what GDPR enforcement might look like going forward and serve up a warning to companies that data privacy protocols must be foolproof.
All eyes on how Ireland will handle Big Tech and GDPR
Ireland—home EU regulator to Big Tech firms including Google, Twitter, and Facebook—is the key country not to have issued a GDPR-related fine yet, though the regulator has said it has started at least 19 inquiries into the sector.
GDPR enforcement varies widely by country
Most EU countries have now issued fines under the GDPR. Determining which are the toughest enforcers depends on one’s viewpoint—we lay out country-by-country look at the enforcement trends to date.
Congress, Treasury take swings at Facebook’s Libra plan
A plan by Facebook to enter the world of virtual currency is attracting predictable skepticism in Washington. It could also expedite the slow emergence of national data protection laws.
FTC looks worryingly timid in staying silent on Facebook
The FTC, by dragging its feet and keeping silent on a massive Facebook fine, raises concerns about its potential role as top cop on the data privacy beat.
After another arrogant move, Facebook needs to be put in check
The social media company is hardly quiet about its crypto initiative, but nevertheless failed to see the materiality of creating a global payments system.
Fed Chair urges caution with Facebook virtual currency venture
Count Federal Reserve Chairman Jerome Powell and several members of Congress as concerned observers of Facebook’s planned foray into the world of virtual currency.
Marriott reveals $124M GDPR fine for data breach
Marriott has disclosed in a filing with the SEC that the U.K.’s Information Commissioner’s Office intends to fine it roughly £99 million (U.S. $124 million) for infringements of the EU’s GDPR.
U.K.'s CMA mulls new regulator to tackle Big Tech
The CMA, U.K.’s competition watchdog, explores whether a separate regulator is needed to oversee leading digital firms that have become “data monopolies” that stifle competition.
British Airways faces record-setting GDPR fine of $230 million
British Airways was hit Monday with the largest penalty to date under the EU’s GDPR, a £183.39m (U.S. $230 million) fine stemming from the compromised data of nearly 500,000 customers.
FTC expands scope of data security compliance requirements
The FTC is turning up the heat on the data security compliance requirements companies must meet in the event of an enforcement action following a data breach.
Facebook exec echoes calls for regulation
One of Facebook’s top executives added his voice to the growing movement among technology firms that the sector cannot police the internet on its own.
Vote: Would you give up social media use for lifetime data privacy?
Would you give up social media for life in order to guarantee a lifetime of data privacy? According to a study by global cyber-security company Kaspersky, nearly 4 in 10 (38 percent) consumers would.
Congress takes aim at Big Tech with new bills
Bills working through Congress would make it harder for tech companies to profit from consumer data and force them to better secure networked devices.
Pols target medical billing company at center of data breach
Senators are seeking answers from American Medical Collection Agency, the third-party billing agency at the center of a recent data breach that compromised the personal, financial, and medical information of 20 million patients.
FTC warns of false compliance with EU-U.S. Privacy Shield
The Federal Trade Commission is warning over a dozen companies in the form of letters not to falsely claim participation in the EU-U.S. Privacy Shield program.
Despite critics, Facebook plunges into virtual currency
Amid growing antitrust scrutiny and data privacy complaints, Facebook is nevertheless expanding into the cryptocurrency space.
French real estate company fined €400,000 for GDPR violations
France’s data watchdog CNIL levied a €400,000 (U.S. $453,000) fine on real estate services provider Sergic for failing to adequately protect the data of its Website’s users.
States continue to fill federal data privacy void
While Congress largely remains mired in hearings and pre-election posturing, states are increasingly putting their own scrutiny on large tech companies and their data collection policies.
EDPS flags data protection issues on EU institutions’ Websites
Seven our of 10 major EU Websites have issues relating to data security and protection, according to an inspection by the European Data Protection Supervisor.
EDPB adopts final Codes of Conduct guidelines
European data protection authorities met on June 4 to discuss guidelines for Codes of Conduct in relation to the General Data Protection Regulation.
ICO: U.K. companies can expect large GDPR fines soon
Year 1 under the General Data Protection Regulation saw no fines handed out in the United Kingdom. Year 2 could be a much different story,
Privacy groups launch GDPR complaints
European privacy rights groups have launched a campaign to stop social media platforms and internet search engines from “spying” on users through online advertising by filing GDPR complaints with nine EU data regulators.
‘Context’ matters in AI decision making, says ICO
Transparency for all AI-generated decisions is not as important as context, according to new research from U.K. data regulator the Information Commissioner’s Office.
How to Tackle CCPA Compliance – Expert Guidance and Benchmarking Insights
Whether you’re starting from scratch or leveraging an existing privacy program, developing the processes required for California Consumer Privacy Act (CCPA) compliance can be challenging. From understanding the regulation and all of its nuances, to managing requirements including data inventories, risk assessments and consumer access requests, most companies need help ...
e-Book: Riding California’s Wave of Regulatory Developments
California has not only been on the forefront of emerging technologies, it’s also been the most active state when it comes to regulating that new tech, especially when it comes to data privacy.
One year in, no fines yet from U.K. regulator on GDPR
A Freedom of Information Act request shows Britain’s data protection watchdog has imposed just 29 financial penalties in the last year, none of which came under the EU’s General Data Protection Regulation.
Ireland investigates Google over GDPR
The Irish Data Protection Commission is investigating whether Google’s online Ad Exchange violated General Data Protection Regulation provisions.
Happy birthday, GDPR: A look back at Year 1
As the EU’s General Data Protection Regulation celebrates its first “birthday,” an expert panel met at Compliance Week 2019 to share their experiences in prepping, implementing, and following up.
Happy Birthday GDPR
As General Data Protection Regulation (GDPR) completes one year and other global and national trends in data privacy regulations such as CCPA, NYSDFS are rolling out, a discussion with leading insurers is imperative.
Major changes to California privacy law likely scuttled
An initiative to strengthen and enhance the California Consumer Privacy Act was basically left for dead in that state’s legislature.
EU data supervisor warns online providers about Ts & Cs
The European Data Protection Supervisor is warning social media and tech companies that their consumer terms and conditions may soon come under increased scrutiny if they fail to comply with the agency’s rules.
Washington state privacy legislation fades, for now
The second proposed data privacy regulation in the nation has failed to come to fruition for the time being.
Survey: Companies just starting to prepare for CCPA
A new study from Compliance Week and TrustArc says companies are not yet prepared for the coming California Consumer Privacy Act, the Golden State’s version of the EU’s GDPR.
EDPS investigating contractual arrangements concerning software used by EU firms
The European Data Protection Supervisor, which is responsible for enforcing and monitoring EU companies’ compliance with data protection rules, said it is has launched an investigation into the compliance of contractual arrangements between EU institutions and Microsoft.
Facebook’s Zuckerberg supports U.S. version of GDPR
On his own company blog, Facebook CEO Mark Zuckerberg voiced his support for implementing a U.S. version of the European Union’s General Data Protection Regulation.
2019’s Key Tech Trend for Capital Markets? That’s Private
To get the full use of your data as data privacy rules increase, you need an innovative technology approach.