Lessons from Zoom: Coronavirus exposes videoconference risks
Stay-at-home orders during the coronavirus pandemic have led to explosions of use for popular videoconferencing platforms, some of which have struggled to adjust to new privacy concerns.
Latest Marriott breach exposes 5.2M guests
Marriott International says a breach may have compromised the personal data of 5.2 million customers, the second significant data breach for the hotel chain since 2018.
App offers $1M bounty for proof of alleged hacking smear campaign
Popular face-to-face social networking app Houseparty is on the defensive amid claims of a data breach, offering a $1 million bounty for proof in what it believes may be a “paid commercial smear campaign.”
8 compliance challenges facing European companies in coronavirus crisis
Due diligence, data, solvency, and supply chain management risks are just some of the issues Europe’s employers are struggling with as normal business has come to a standstill during the coronavirus pandemic.
Webcast: How plaintiffs weaponize CCPA and privacy laws
You’re in charge of mitigating risk and protecting your organization. But how do you develop the best strategy when you aren’t sure what your opponents’ plans are? Understand how to develop a strategy that meets compliance regulations, while mitigating inevitable legislation.
CCPA, SHIELD Act to take back seat during coronavirus pandemic?
With state attorneys general now fixated on “stay at home” directives amid the coronavirus pandemic, oversight of data privacy regulation may dip. But consumers—and the plaintiffs’ bar—are still watching.
Confusion around GDPR during coronavirus prompts EDPB response
The European Data Protection Board has released a statement attempting to clarify how personal data can be processed by companies during the ongoing coronavirus pandemic.
Study: Fear of data breaches stifling bank innovation
Research by consultancy firm Accenture shows companies in financial services are more concerned with guarding themselves against the impact of a data breach than realizing any financial benefits of using the data.
5 tips to immunize yourself against coronavirus-emboldened hackers
In this time of fear and uncertainty, it’s more critical than ever to practice good cyber-security hygiene (just think of it as the technical version of proper handwashing).
Advice for European compliance officers dealing with coronavirus
Although the coronavirus situation is constantly changing, lawyers say there are several areas of corporate life that are going to test compliance officers and which management will need greater assurance on.
EDPB chair: Processing personal data in the context of coronavirus
The chair of the European Data Protection Board addresses things companies need to consider as they process different types of personal data in the context of the coronavirus.
Swedish watchdog fines Google $7.6M for GDPR non-compliance
Google has received its second fine to date for violating Europe’s General Data Protection Regulation; Sweden’s Data Protection Authority fined the internet giant 75 million Swedish Kroner (U.S. $7.6 million).
T-Mobile data breach: A cautionary tale for all companies
For the second time in a matter of four months, T-Mobile announced it has suffered a data breach. Cyber-security experts say it’s a cautionary tale about the vulnerabilities of e-mail accounts that are not properly secured.
Virgin Media could face GDPR pressure after data breach
Virgin Media is likely to be in the GDPR crosshairs after disclosing a recent breach that affected approximately 900,000 customers to the U.K.’s data regulator.
GoodRx’s mea culpa: Lessons for internet companies handling personal health data
Telemedicine platform GoodRx has committed to enhancements of its consumer data protection after Consumer Reports called out its sharing practices regarding personal health information.
U.K.’s ICO fines Cathay Pacific for pre-GDPR breach
The U.K. Information Commissioner’s Office has fined airline Cathay Pacific £500,000 (U.S. $643,000) for failing to protect the personal data of millions of customers.
FCC proposes fines against T-Mobile, AT&T, Verizon, Sprint
The FCC proposed fines against the four largest wireless carriers in the United States for allegedly selling access to their customers’ location information without taking reasonable measures to protect against unauthorized access.
California AG seeks federal data privacy legislation modeled on CCPA
In a letter to Congressional committee leaders, California Attorney General Xavier Becerra suggests any federal data privacy law should still allow states to have parallel enforcement authority as well as their own laws.
Controversial facial image aggregator Clearview AI reveals breach
A company with a huge database of facial images informed its law enforcement customers this week that it suffered a data breach.
Proposed EU data strategy spells big changes for Big Tech
The European Commission unveiled its long-awaited plans about how it wants to regulate artificial intelligence as well as promote greater data sharing throughout the EU to stimulate further growth and competition in digital services.
Resurgent BIPA more than second fiddle to CCPA?
The California Consumer Privacy Act seems to be in the spotlight lately, but the Illinois Biometric Information Privacy Act should not be overlooked.
Ireland GDPR caseload nearly doubled in 2019
The Irish Data Protection Commission received 7,215 complaints during the first full year the General Data Protection Regulation was in force, representing a 75 percent increase on 2018’s figures of just over 4,000.
Reports: Bieber, Twitter’s Dorsey among 10.6M affected by MGM Resorts hack
Pop star Justin Bieber and Twitter CEO Jack Dorsey were among 10.6 million MGM Resorts guests to have their personal information exposed in a data breach last year, according to multiple reports.
Sen. Gillibrand floats agency to oversee U.S. privacy
Senator Kirsten Gillibrand (D-N.Y.) has introduced legislation to create a “Data Protection Agency” in the United States in order to oversee and enforce federal privacy mandates.
Ireland raid over privacy concerns jilts Facebook Dating
Facebook wants to play Cupid in Europe, but the Irish Data Protection Commission got its arrow in the tech giant first.
More than minor changes? Assessing the latest CCPA updates
The business community was already rushing to comply with the CCPA’s Jan. 1 effective date. But does this latest change ease the way to compliance or just raise more questions?
Equifax indictment and the making of a Chinese cyber-attack
The DOJ announced four members of the Chinese military have been indicted on charges of hacking into the computer systems of Equifax, ultimately resulting in the largest-ever breach of consumer data. From an ERM standpoint, the indictment offers an inside look at the making of a Chinese cyber-attack.
Experts weigh in on Brexit consequences for GDPR, AML, more
The wheels to the United Kingdom’s exit from the European Union are finally in motion, but the hard work still remains as to what kind of future trading relationship the country has with the single market.
Ireland probing Google, Tinder for GDPR violations
Ireland’s data regulator has announced new investigations into Google and MTCH Technology Services—the company behind dating app Tinder—over complaints users’ personal data is being misused in violation of the GDPR.
CCPA cited in Hanna Andersson/Salesforce breach lawsuit
A lawsuit filed against online retailer Hanna Andersson and its e-commerce platform Salesforce is among the first to cite the fledgling California Consumer Privacy Act in its judgment sought.
Mastercard CEO lists Libra red flags as reason for exit
Mastercard CEO Ajay Banga cites concerns with compliance, data management, and making money within regulatory constraints among the reasons his company left the Facebook-led Libra Association late last year.
First four ‘Excellence in Compliance Awards’ finalists revealed
Compliance Week is proud to announce its first four finalists for the “Excellence in Compliance Awards,” a newly formed program that recognizes individual achievement in one of 13 categories relating to risk and compliance.
Germany’s dual approach to data regulation under the GDPR
Germany is staying ahead of the game with an advanced crackdown on data privacy and competition law violations.
Avast dissolves analytics arm following privacy scandal
Avast maintains it always acted “fully within legal bounds,” but the British cyber-security company terminated the provision of data to its analytics arm, Jumpshot, after being accused of putting users’ privacy at risk.
Ad industry requests delay on CCPA enforcement
Insufficient time to prepare was the argument invoked by five advertising trade bodies this week when requesting a further delay to the enforcement of the newly enacted California Consumer Privacy Act
Facebook reveals $550M settlement for Illinois privacy lawsuit
Facebook has reached a $550 million settlement in principle in connection with a class-action lawsuit it faced in Illinois over violations of a state biometric law.
CFTC to adopt NIST Privacy Framework
The Commodity Futures Trading Commission will become the first federal agency to adopt the National Institute of Standards and Technology Privacy Framework, the agency has announced.
Microsoft data leak points to industry-wide security vulnerabilities
Microsoft made headlines when it was discovered that nearly 250 million customer service and support records were exposed on the Web through several unsecured cloud servers. But that’s only a glimpse into wider cloud-security weaknesses throughout the industry.
Lawmakers push for FTC probe into Envestnet data sales
Democratic Sens. Ron Wyden and Sherrod Brown and Rep. Anna Eshoo sent a letter to the Federal Trade Commission urging the agency to investigate Envestnet’s selling practices regarding consumer financial data.
Study expects GDPR fines to rise in 2020
DLA Piper’s latest data breach survey suggests the penalties handed out under the General Data Protection Regulation thus far are not as harsh as they could have been—though that could change in 2020.
NAVEX Global: Top 10 compliance trends for 2020
A recent Webinar, and complementary report, from NAVEX Global offers a look at the top 10 risk and compliance trends for 2020.
e-Book: Firms face mounting pressure from GDPR
More firms have been stymied by the General Data Protection Regulation.
App firms, adtech industry in firing line over possible GDPR violations
The Norwegian Consumer Council, a consumer rights champion, has uncovered a serious no-no in the world of GDPR: popular apps sharing user data, such as religious beliefs and sexual preferences, to advertising and marketing firms in order to drive their own revenue.
British retailer Dixons fined for pre-GDPR breach
The ICO has fined Dixons Carphone for failing to take “basic, commonplace” security measures that would have alerted it to one of the country’s worst cyber-attacks.
Special report: Compliance 2020
CW Editor in Chief Dave Lefort offers 10 predictions on what will dominate compliance headlines in 2020.
Compliance 2020: A timeline
Compliance Week looks back at two decades of scandals, enforcement actions, and regulatory policies (2000-2019) that shaped the compliance function we see today.
Survey: CCPA still poses compliance nightmare
With the clock ticking toward the Jan. 1 implementation date, Compliance Week and ACA Aponix asked 100 compliance practitioners whether their company would be CCPA compliant by the deadline. Their collective answer? Nope.
Apple, Walmart among compliance winners of 2019
Strong social stances, a dedication to doing what’s right, and leading by example highlight the qualities exemplified by our list of ethics and compliance winners of 2019.
Top ethics and compliance failures of 2019
From antitrust and privacy concerns in the tech world to compliance officer liability in the pharmaceutical industry to unethical practices in the banking and accounting professions, more than a dozen companies made Compliance Week’s list of the biggest compliance fails in 2019.
ICO hands out first GDPR fine as BA, Marriott cases linger
The U.K. Information Commissioner’s Office has levied its first fine under the GDPR against a London-based pharmacy. Record-setting penalties announced by the ICO in July against British Airways and Marriott are still not finalized.