Data Privacy


Anatomy of a 90% fine reduction: How BA saved $200M on GDPR penalty

2020-10-16T19:44:00+01:00

The U.K. Information Commissioner’s Office agreed to slash its intended GDPR fine for British Airways from £183.39 million (U.S. $230 million) to just £20 million (U.S. $26 million). What was behind the massive reduction?

GDPR

Corrective action could trump fines as GDPR evolves

2020-10-14T16:32:00+01:00

Experts discuss whether EU data protection authorities would be better served using corrective actions other than eye-watering fines to encourage companies to commit to best (and legal) GDPR practices.

White paper: The Data Trinity: Governance, Security & Privacy

2020-10-14T07:50:00+01:00

Creating policies for data handling and accountability and driving culture change so people understand how to properly work with data are two important components of a data governance initiative, as is the technology for proactively managing data assets.

EY allegedly flubbed Wirecard dealings worse than we thought

2020-10-02T17:05:00+01:00 By Compliance Week

In this week’s “Nailed It or Failed It,” we take down EY and JPMorgan Chase for apparently ignoring whistleblowers and give the SEC a nod for rewarding them.

H&M

H&M Germany fined $41.3M in one of largest GDPR penalties

2020-10-01T16:56:00+01:00

In one of the largest GDPR fines imposed, a regional data protection authority in Germany fined H&M Germany €35.2 million (U.S. $41.3 million) for excessive monitoring of several hundred employees by one of the retailer’s subsidiaries.

Health records

Breach costs Premera Blue Cross $6.85M; second-largest HIPAA fine

2020-09-28T21:24:00+01:00

Premera Blue Cross has agreed to pay $6.85 million in a settlement with the U.S. Department of Health and Human Services regarding a 2014 data breach that affected the personal and health plan information of over 10.4 million people.

BoA a silver lining in damning ‘FinCEN Files’ report; Wells Fargo CEO puts foot in mouth

2020-09-25T20:27:00+01:00 By Compliance Week

Bank of America gets a pat on the back for going beyond an “observe and report” approach to filing a SAR, and we learned this week that Wells Fargo’s CEO needs a little unconscious bias training.

GDPR

Companies face greater risk as GDPR class actions emerge

2020-09-24T18:00:00+01:00

In the past month three of the world’s largest tech firms have been hit with legal actions that could lead to billion-dollar damages suits for alleged violations of the GDPR. Neil Hodge explores the trend and what to expect moving forward.

Roger Wicker

Déjà vu: Senate committee revisits need for federal privacy law

2020-09-23T19:55:00+01:00

Nearly a year since their last hearing to discuss the urgent need for a federal privacy law in the United States, the Senate Committee on Commerce, Science, and Transportation largely remains stuck in neutral.

California

What CCPA-affected businesses need to know about California’s next privacy initiative

2020-09-21T16:36:00+01:00

Businesses with operations in California should expect their data privacy compliance obligations to get a lot more complicated next year with the California Privacy Rights Act expected to pass in November.

e-Book: Companies still wrestle with data privacy regulation

2020-09-15T04:15:00+01:00 Provided by OpenText

This e-Book offers results from a recent Compliance Week and OpenText survey exploring why companies are still struggling with California Consumer Privacy Act compliance.

Youtube

U.K. lawsuit seeks $3.2B from YouTube for violating children’s privacy

2020-09-14T19:29:00+01:00

A first-of-its-kind lawsuit in the U.K. alleges YouTube unlawfully collects personal information from children without parental consent and harvests their data for advertising purposes, in violation of British and European data privacy laws.

Credit to JPMorgan Chase in this week’s banking-themed naughty/nice list

2020-09-10T21:14:00+01:00 By Compliance Week

JPMorgan Chase, Danske Bank, Deutsche Bank, and Bank of America all either “Nailed It” or “Failed It” this week.

Facebook

Ireland’s order to Facebook to halt data transfers could have ‘profound’ impact

2020-09-10T16:06:00+01:00

The Irish DPC’s order to Facebook to halt the transfer of European citizens’ personal data to the United States could pose operational and legal challenges that set a precedent for not only other tech giants, but companies generally.

Privacy Shield

More Privacy Shield fallout: Swiss-U.S. pact ruled inadequate

2020-09-09T18:57:00+01:00

The Swiss Federal Data Protection and Information Commissioner believes the Swiss-U.S. Privacy Shield “does not provide an adequate level of protection for data transfer from Switzerland to the US.”

EU US privacy

European Commission: No Privacy Shield replacement in sight

2020-09-04T15:57:00+01:00

The European Commission this week warned there will be “no quick fix” to replace the now-invalidated Privacy Shield, which governed data transfers between the European Union and United States.

Credit social media giants for prepping for election chaos

2020-09-03T18:12:00+01:00 By Compliance Week

Silicon Valley’s social media heavyweights deserve a nod for “war-gaming” potential misinformation scenarios in advance of November’s elections, while McDonald’s again finds itself on our “Not Lovin’ It” list.

CPE Webcast: How to minimize privacy risks and maintain regulatory compliance

2020-09-03T14:00:00+01:00

Establishing an effective data retention policy is a key step in managing and protecting one of your organization’s most valuable assets: its data.

CPE Webcast: Capturing, managing communications data in modern enterprise

2020-09-01T14:00:00+01:00

Today’s employees and customers generate a lot of communications data, in a lot of formats and in a lot of locations, from computers and on prem servers to mobile devices and the cloud.

Privacy Shield

EU data authorities take different approaches to Privacy Shield ruling

2020-08-28T18:12:00+01:00

It appears Europe’s data authorities are prepared to interpret a key court judgement as they see fit in the absence of definitive guidance from the bloc’s primary privacy regulator.

Credit to KPMG for shining a light on fraud at Wirecard

2020-08-27T15:08:00+01:00 By Compliance Week

A scathing report on the extensive fraud at German payment giant Wirecard had a compliance silver lining: KPMG’s by-the-books, transparent approach to a special audit helped bring that fraud to light.

CPE Webcast: Surviving the next chapter of CCPA and unstructured data management

2020-08-27T14:00:00+01:00

The California Consumer Privacy Act (CCPA) caused many U.S. companies to rethink their approach to data privacy when the law went into effect on January 1, 2020, and again when enforcement began on July 1, 2020.

Twitter

Clash over draft Twitter GDPR decision exposes differences among EU authorities

2020-08-26T14:23:00+01:00

As Ireland’s first GDPR decision against Big Tech hangs in limbo, experts are scratching their heads as to why a seemingly straightforward case is headed to the EU’s data governing body to rule on.

SEC wants to curb sensitive data contained in CAT submissions, EDGAR filings

2020-08-24T16:06:00+01:00

Rule changes proposed by the SEC seek to limit the amount of personally identifiable information required in data submitted to the Consolidated Audit Trail and for public company filings.

Jury’s out on Wells Fargo compliance moves; Twitter #fail for Irish DPC

2020-08-20T18:33:00+01:00 By Compliance Week

While it’s not yet clear whether Wells Fargo’s compliance moves (including the loss of its CCO) will pay off, we’re much more certain about the Irish Data Protection Commission’s stance on a potential Twitter fine.

Employee monitoring

How far is too far with employee monitoring? Barclays case could offer litmus

2020-08-20T14:54:00+01:00

The U.K. Information Commissioner’s Office is investigating allegations that Barclays Bank had effectively been spying on employees by using an intrusive software system that monitored workers’ activity.

EU US privacy

EU privacy advocate targets Facebook, Google in latest salvo

2020-08-19T20:02:00+01:00

Privacy campaign group NOYB has filed complaints against 101 websites with European operators that it says are still sending data to the U.S. via Google and/or Facebook integrations—potentially in breach of the EU’s strict data privacy rules.

Trump’s TikTok crusade a hollow win for privacy

2020-08-19T16:44:00+01:00

There’s no questioning the need to protect the data of U.S. citizens from China, but it’s naïve to think pressuring TikTok to take up a U.S. owner is anything more than a hollow victory given our lack of federal oversight in the area of privacy.

Salesforce

Oracle, Salesforce targeted in class-action GDPR lawsuits

2020-08-17T20:51:00+01:00

A European privacy group is pursuing multiple class-action lawsuits against Oracle and Salesforce for alleged violations of the EU’s General Data Protection Regulation, estimating damages sought could exceed €10 billion (U.S. $11.9 billion).

e-Book: Data privacy back in the spotlight

2020-08-17T04:25:00+01:00

With the California Consumer Privacy Act enforcement deadline finally upon us, data privacy concerns are once again a focus of U.S. corporations.

McDonald’s handling of ex-CEO scandal gets compliments, criticism

2020-08-13T14:37:00+01:00 By Compliance Week

A fresh podcast from the Theranos whistleblower and a new compliance association for Black practitioners get a round of applause from us this week, while a complicated case involving McDonald’s lands the company on both the “Nailed It” and “Failed It” lists.

Without guidance, U.S. companies in limbo after Privacy Shield scrapped

2020-08-12T19:31:00+01:00

Despite a recent court ruling to scrap the EU-U.S. Privacy Shield, the program is apparently still alive and well in the United States. It’s time to move on, writes Aaron Nicodemus.

CCPA-OpenText

Survey: Companies say lack of guidance, budget restrictions hamper compliance with CCPA

2020-08-12T19:13:00+01:00

Complying with provisions of the California Consumer Privacy Act continues to be difficult for many companies, according to a new survey from Compliance Week and OpenText.

CCOs show resilience in early survey data; compliance-blind NRA in crosshairs

2020-08-06T20:41:00+01:00 By Compliance Week

The National Rifle Association “Failed It” big time if a suit alleging a lack of compliance controls proves true. Meanwhile, we tip our caps to the stalwart CCOs who carry on despite a cut in pay and resources due to the pandemic.

Twitter

Twitter could face up to $250M FTC fine for misuse of data

2020-08-04T15:34:00+01:00

Twitter disclosed in a regulatory filing that it could face fines of up to $250 million by the Federal Trade Commission for misusing people’s personal information for advertising purposes.

Five tips for EU-U.S. data transfers post-Privacy Shield

2020-08-04T15:21:00+01:00

As the fallout from the demise of the Privacy Shield continues to play out, here are a handful of steps companies can take to protect themselves from potential GDPR violations when transferring data between the European Union and the United States.

British Airways

British Airways banking on drastic reduction of record GDPR fine

2020-08-03T21:04:00+01:00

British Airways has hinted that it will qualify for a nearly 90 percent reduction of its original GDPR fine (U.S. $230 million) and end up paying just $26 million.

White paper: Smart Content Governance - Unleash the Power of the Modern Cloud-based Office

2020-07-28T02:06:00+01:00

Now more than ever, companies need strong data governance that can be applied across multiple repositories, apps, and devices, no matter where work gets done.

EU US privacy

Companies paying price for EU-U.S. Privacy Shield removal

2020-07-27T21:43:00+01:00

The legal and financial burden for companies to comply with the recent ruling to invalidate the EU-U.S. Privacy Shield might actually be worse than first thought, if an FAQ from the European Data Protection Board is any indication.

CPE Webcast: Minimize exposure to supply chain regulatory and privacy risks

2020-07-23T14:00:00+01:00

Join Kroll for an opportunity to learn how you can help your organization better minimize risks in the post-COVID-19 world.

Nailed It or Failed It? Disney sends anti-hate message to Facebook

2020-07-22T18:30:00+01:00 By Compliance Week

In this week’s “Nailed It or Failed It?”, Disney gets kudos for throwing its weight behind the #StopHateForProfit protest, while PG&E earns criticism after being found responsible for yet another California wildfire.

Europe Justice

Europe’s top court strikes down U.S.-EU data transfer rule

2020-07-16T15:21:00+01:00

In a surprise decision that will have a major impact on trans-Atlantic data transfers, Europe’s top court ruled Thursday that a mechanism used by thousands of companies to send data to the United States is unlawful.

Nailed It or Failed It? Twitter’s meltdown exposes major vulnerability

2020-07-16T09:29:00+01:00 By Compliance Week

In this week’s “Nailed It or Failed It?”, we reflect on the most troubling aspect of Wednesday’s giant Twitter hack while giving Wells Fargo a rare kudos for being good corporate citizens.

Walmart

Walmart latest hit with CCPA-related lawsuit

2020-07-15T19:41:00+01:00

Consumers are using the newly enforceable California Consumer Privacy Act to sue companies they say have mishandled their data. Walmart is the latest and most high-profile to be slapped with a lawsuit.

Italian telecom fined $18.6M for violating GDPR data collection rules

2020-07-14T19:49:00+01:00

Italian telecommunications operator Wind Tre S.p.A has been fined approximately €16.7 million (U.S. $18.6 million) for violating data collection provisions of the EU’s General Data Protection Regulation.

Google fined $670K for violating GDPR’s ‘right to be forgotten’

2020-07-14T18:24:00+01:00

Belgium’s Data Protection Authority fined Google Belgium €600,000 (U.S. $670,000) for refusing to delete search results linked to a Belgian public official, a provision of the GDPR known as the “right to be forgotten.”

Nailed It Failed It

Kudos to TikTok, tech brethren; Starbucks & Luckin have us soured on coffee cos.

2020-07-09T19:36:00+01:00 By Compliance Week

In the inaugural edition of our weekly “Nailed It or Failed It?” feature, we give TikTok and other tech companies a pat on the back and shake our heads at the actions of Starbucks and Luckin Coffee.

CPE Webcast: CCPA - The California AG is ready. Are you?

2020-07-07T14:00:00+01:00 Provided by Microsoft

With the CCPA being the most important privacy and data security law ever to be enacted in the United States, it will bring a sea of change in the way businesses manage and communicate with consumers about personal data.

David Lefort

Market forces, not regs, leading the charge for data privacy

2020-06-30T19:13:00+01:00

Data privacy is about to become a more tangible concept to Americans not due to regulation like the CCPA, but because the most influential brand in the nation is making it a pillar of how it does business.

CPE Webcast: Data breach litigation post CCPA

2020-06-30T14:00:00+01:00

The biggest impact on business post CCPA, and presumably subsequent state regulations, is the impact on data breaches.