Data Privacy


Citi

Premium

Citi report: GenAI revolution will bring increased need for compliance

2024-06-21T18:28:00+01:00By

A new report on the use of artificial intelligence use in financial services predicts that the technology will drive profits, disruptions, and change over the next decade.

OCC

News Brief

OCC emphasizes compliance’s role in FI’s operational resiliency

2024-06-20T15:40:00+01:00By

Compliance departments at financial institutions must become more involved in ensuring their firm’s operational resiliency to address emerging risks, the Treasury Department’s Office of the Comptroller of the Currency said in its semi-annual risk perspective.

SEC office

News Brief

SEC orders R.R. Donnelley to pay $2.1M over cyber-related control violations

2024-06-20T14:45:00+01:00By

A business communications and marketing services company agreed to pay more than $2 million to settle charges levied by the Securities and Exchange Commission over cybersecurity-related control violations.

DOJ

News Brief

DOJ orders consultants to pay $11.3M total for cyber rule violations

2024-06-18T19:49:00+01:00By

Guidehouse and Nan McKay and Associates will pay a total of $11.3 million to the Department of Justice (DOJ) to settle allegations that cybersecurity failures led to the theft of client personal information during the height of the COVID-19 pandemic.

columnist dale

Opinion

Top-of-mind takeaways from TPRM Summit

2024-06-17T21:11:00+01:00By

Top-of-mind issues addressed at Compliance Week’s Third-Party Risk Management & Oversight Summit, held June 3-4 in Atlanta, included safe deployment of artificial intelligence, assessing vendor viability and sustainability, understanding the role of procurement in risk ranking, the intersection (or lack thereof) between data privacy and cybersecurity, and many others.

/web/img/field/image/privacy.jpg

Basic Page

Vermont governor vetoes privacy bill, legislature plans override vote

2024-06-17T18:23:00+01:00By

Vermont Republican Gov. Phil Scott vetoed a data privacy bill approved by the state’s Democrat-led legislature, which plans an override vote this week.

DOJ

News Brief

Cerebral set to pay $7M over alleged patient data sharing

2024-06-12T02:05:00+01:00By

The Department of Justice and Federal Trade Commission proposed telehealth company Cerebral pay a total of $7 million for its alleged sharing of patient data and deceptive business practices in violation of the FTC Act.

Texas Capitol

News Brief

​Texas touts team ‘among the largest in the country’ to enforce privacy laws

2024-06-07T13:40:00+01:00By

The state of Texas forecasted “aggressive enforcement” of its upcoming data privacy law with the announcement of a dedicated team to oversee its implementation.

Business data

Premium

Big Tech data for finance: Will FCA plans set trend?

2024-06-04T12:26:00+01:00By

Plans in the United Kingdom to share Big Tech data with financial services firms could prompt other industry regulators to follow suit or result in “unintended consequences” that see Meta, Google, and others growing market share.

Gina Nese 2000x1333

Event

Gina Nese stays ahead of the curve as CCO of the Year

2024-05-29T00:45:00+01:00By

Gina Nese, head of compliance and privacy at Align Technology, jumps at the chance to share new ideas and ways to innovate, including regarding emerging technologies like AI. Her work earned her recognition as CCO of the Year at the 2024 Excellence in Compliance Awards.

CCPAUpdate

Premium

California privacy reg seeking more input on new rules

2024-05-20T15:11:00+01:00By

Businesses will receive additional time to weigh in on proposed regulations by the California Privacy Protection Agency regarding risk assessments, cybersecurity audits, automated decision-making, and data broker registration before they’re potentially finalized later this year.

AI transformation

Premium

Survey: Compliance digital transformation hampered by data access, AI concerns

2024-05-06T09:45:00+01:00By

Few compliance teams describe their access to company data as “robust,” according to a new survey conducted by Compliance Week and NAVEX, while apprehension toward the adoption of artificial intelligence remains a hurdle for the profession to clear.

/web/img/field/image/privacy.jpg

Premium

Experts: APRA chances unlikely, more state privacy laws certain

2024-05-03T21:20:00+01:00By

The “American Privacy Rights Act” has steep hills to climb if it’s ever going to become law, but that’s no reason for businesses to delay their privacy tune-ups.

AdobeStock_316782149

News Brief

Insight Global to pay $2.7M over lax security on contact tracing data

2024-05-02T19:03:00+01:00By

Atlanta-based staffing agency In­­­­­­sight Global agreed to pay $2.7 million to settle alleged False Claims Act violations for failing to provide adequate cybersecurity on Covid-19 contract tracing data.

GDPRgavel

Premium

What’s the problem for GDPR repeat offenders?

2024-05-02T14:57:00+01:00By

The General Data Protection Regulation has been in force for nearly six years. Some industries—and some companies—have been more prone to fall foul of the rules than others.

navex thumbnail

Resource

Survey Report: The digital transformation of compliance

2024-05-02T01:46:00+01:00Provided by

A new survey conducted by Compliance Week and NAVEX on compliance team access to data and the use of artificial intelligence (AI) to analyze it found many compliance professionals lack full and transparent access to their firm’s data.

Lynn Haaland Zoom 3x2

Premium

Q&A: Zoom privacy chief on communications compliance product

2024-04-30T15:30:00+01:00By

Zoom Chief Privacy Officer Lynn Haaland discusses with Compliance Week the market forces that led the company to offer Zoom Compliance Manager, which helps firms handle off-channel communications issues on the platform.

T-Mobile

News Brief

FCC finalizes $196M in fines against telecoms for sharing location data

2024-04-29T20:30:00+01:00By

The Federal Communications Commission fined telecommunications giants T-Mobile, Sprint, AT&T, and Verizon a total of approximately $196 million for allegedly selling customers’ location data to third parties without consent.

TikTok

News Brief

TikTok scrutiny mounts across globe amid EU, U.S. crackdowns

2024-04-26T17:40:00+01:00By

TikTok is suspending new features amid an inquiry by the European Commission into its compliance with the Digital Services Act, all while responding to a U.S. ban just signed into law.

Avast

News Brief

Czech DPA fines Avast $15M over GDPR violations

2024-04-25T16:33:00+01:00By

The Czech Republic’s data protection authority issued a fine of 351 million Czech koruna (U.S. $15 million) against antivirus software vendor Avast for alleged violations of the General Data Protection Regulation.

EU data flag

Premium

EDPB decision sparks ‘consent or pay’ debate for Big Tech firms

2024-04-19T19:16:00+01:00By

Big Tech firms might need to rethink their plans to charge users for not selling their personal data for behavioral advertising following a decision by Europe’s primary data regulator.

Temu_Web

News Brief

U.S. senator calls for Temu ban over forced labor, privacy concerns

2024-04-17T16:32:00+01:00By

Sen. Tom Cotton (R-Ark.) is calling on the Biden administration to investigate and ban Chinese e-commerce company Temu over forced labor and data privacy violation concerns.

Facial recognition scan

Premium

Focused on consumer privacy? Don’t forget employees’ rights

2024-04-17T15:09:00+01:00By

The implications of a privacy rights case involving a U.K.-based Uber Eats driver underscore a popular belief that companies prioritize protecting the personal information of their customers over the data rights of their employees.

U.S. privacy

News Brief

Key lawmakers put forward bipartisan American Privacy Rights Act

2024-04-08T20:39:00+01:00By

A bipartisan consumer privacy bill released by Sen. Maria Cantwell (D-Wash.) and Rep. Cathy McMorris Rodgers (R-Wash.) would provide the broad, comprehensive protections businesses and Americans have called for, according to the lawmakers.

California flag

News Brief

CPPA warns of collecting too much data in first enforcement advisory

2024-04-05T19:40:00+01:00By

The California Privacy Protection Agency warned businesses to stop asking for excessive information from consumers who have requested to opt out of having their data collected or who are otherwise exercising their privacy rights under the California Consumer Privacy Act.

Hodge_opinion

Opinion

New leadership no easy fix for Irish DPC’s GDPR woes

2024-03-29T13:41:00+00:00By

The Irish Data Protection Commission has a new leadership structure, but it is uncertain whether the changes can get the key privacy regulator caught up on enforcement of the General Data Protection Regulation.

UK privacy

Premium

ICO primed for enforcement increase behind new fining guidance?

2024-03-25T13:36:00+00:00By

The Information Commissioner’s Office updated its data protection fining guidance to provide companies with greater transparency and clarity about how and why it would issue penalties for a breach of the U.K. General Data Protection Regulation or Data Protection Act 2018.

DOT_web

News Brief

DOT launches first data privacy review of 10 biggest airlines

2024-03-22T16:27:00+00:00By

The U.S. Department of Transportation is looking to thwart the nation’s 10 largest airlines from monetizing passenger data or selling it to third parties.

Privacy Shield

Premium

Privacy by design a silver bullet for stemming AI risks?

2024-03-15T17:41:00+00:00By

The proliferation of artificial intelligence technologies—and their reliance on publicly available data—has reinforced the need for tech developers and the companies using their solutions to ensure privacy by design and by default is at the crux of any offering.

UniCredit

News Brief

​Italian DPA fines UniCredit $3M over data breach GDPR lapses

2024-03-11T15:54:00+00:00By

The Italian data protection authority announced a fine of €2.8 million (U.S. $3 million) against UniCredit for alleged violations of the General Data Protection Regulation regarding insufficient security measures the bank had in place during a cyberattack.

Data sharing

Premium

FTC ‘will not stand for’ misuse of browsing, location data

2024-03-07T22:33:00+00:00By

The Federal Trade Commission is amid a crackdown on businesses misusing browsing and location data that provide enough information to be used to identify nonconsenting consumers.

fti300x200

Webcast

CPE Webcast: Applying traditional TPRM security and data privacy practices in the digital space

2024-03-05T14:00:00+00:00Provided by

This webinar explores the compliance challenges posed by evolving privacy regulations and the recent explosion of class-action litigation arising from third-party advertising technology on websites.

White House

News Brief

Biden executive order to target commercial data broker activities

2024-02-28T20:36:00+00:00By

A new executive order seeks to put clamps on the sale of Americans’ personal data by data brokers and other companies to certain countries found to be of national security concern.

Avast

News Brief

Avast to pay $16.5M in FTC case over deceptive data selling

2024-02-22T22:14:00+00:00By

The Federal Trade Commission proposed Avast pay $16.5 million and be prohibited from selling any browser data to settle charges the software provider sold consumer information to third parties after promising it would not.

DoorDash

News Brief

DoorDash fined $375K in second public CCPA enforcement

2024-02-22T12:54:00+00:00By

Food delivery company DoorDash agreed to pay a $375,000 fine as part of a settlement announced by California Attorney General Rob Bonta addressing alleged violations of the California Consumer Privacy Act.

GDPR EU flag

Premium

Public consultation on GDPR opens door for changes

2024-02-20T14:24:00+00:00By

Feedback from a European Commission consultation on the six years of enforcement of the General Data Protection Regulation could result in tweaks to the rules and potential changes to the way data protection authorities enforce them.

Teamwork

Premium

LRN survey: Compliance programs shifting focus from bribery, corruption

2024-02-16T22:35:00+00:00By

Many ethics and compliance programs have refocused their efforts away from bribery and corruption and onto data security and privacy, complex government regulations, artificial intelligence security, and other contemporary challenges, a survey from LRN found.

Cloud Computing

Premium

Toeing the ‘fine line’ of cloud security compliance

2024-02-14T22:26:00+00:00By

When organizations move their data or operations to the cloud, the compliance team has their work cut out and then some, experts discussed at CW’s Cyber Risk & Data Privacy Summit.

Employee monitoring

Premium

The blurred lines of employee monitoring under GDPR

2024-02-09T20:03:00+00:00By

The French data regulator’s fine against an Amazon warehouse manager for violating employees’ rights to privacy in the workplace once again raises questions about what constitutes an overzealous approach to employee monitoring and why companies fail to recognize the signs.

Amazon warehouse

Premium

Examining precedent set by French DPA’s Amazon employee monitoring fine

2024-02-07T18:03:00+00:00By

The decision by France’s data regulator to fine an Amazon warehouse manager for breaches of the General Data Protection Regulation over the way it monitored employee productivity raises questions about the reach data protection authorities have over corporate conduct.

Google HQ

News Brief

Alphabet to pay shareholders $350M over Google+ privacy lapses

2024-02-07T18:00:00+00:00By

Alphabet, the parent company of technology giant Google, agreed to pay $350 million in a preliminary settlement with shareholders over alleged data privacy violations and materially false and misleading statements linked to now-defunct social media site Google+.

Data privacy

Premium

Compliance with growing number of U.S. privacy laws ‘a matter of culture change’

2024-02-07T14:00:00+00:00By

Different deadlines associated with the 13 U.S. state privacy laws currently on the books, including grace periods and enforcement dates, have proven challenging for compliance, experts discussed at CW’s Cyber Risk & Data Privacy Summit.

Uber

News Brief

Uber facing $11M fine over driver privacy rights violations

2024-02-05T19:38:00+00:00By

Ride-hailing company Uber Technologies was assessed a penalty of €10 million (U.S. $11 million) by the Dutch Data Protection Authority for alleged privacy rights violations regarding the handling of European drivers’ personal data.

Meta Platforms

Premium

Meta’s ‘pay or consent’ model to force GDPR to adapt?

2024-01-31T14:52:00+00:00By

Experts weigh in on Meta’s plans to charge EU users monthly if they do not want to be tracked for online advertising and what the ramifications of the model would mean for the future of the General Data Protection Regulation.

California flag

News Brief

Calif. AG launches sweep into streaming apps’ compliance with CCPA

2024-01-29T18:04:00+00:00By

California Attorney General Rob Bonta announced the launch of an investigative sweep targeting popular streaming apps and devices, alleging noncompliance with the California Consumer Privacy Act.

ICO

News Brief

ICO seeking input on generative AI to inform guidance

2024-01-25T21:38:00+00:00By

The U.K. Information Commissioner’s Office is seeking input from developers, users, and those interested in generative artificial intelligence to help inform policy and guidance regarding the technology.

Amazon trucks

News Brief

Amazon unit fined $35M under GDPR for employee productivity tracking

2024-01-24T03:50:00+00:00By

Amazon’s warehouse management arm in France was assessed a penalty of €32 million (U.S. $35 million) for violating the General Data Protection Regulation by excessively tracking the productivity of employees.

Microsoft store

News Brief

GDPR-minded Microsoft offers cloud customers EU-based personal data storage

2024-01-12T18:41:00+00:00By

Microsoft announced an expansion to its European Union data storage efforts that would allow cloud customers to keep all personal data stored within the EU boundary.

Location data

News Brief

FTC bans Outlogic from selling sensitive location data in landmark action

2024-01-09T21:03:00+00:00By

Data broker Outlogic will be subject to the Federal Trade Commission’s first ban on the use, sale, or disclosure of sensitive location data as part of a proposed order announced by the agency.

California

Premium

CPPA preview: Cybersecurity audit regs nearing formal proposal

2024-01-09T20:16:00+00:00By

Companies with business in California could face tough new cybersecurity mandates under draft regulations that could be headed for formal rulemaking as soon as Friday.