Stay-at-home orders during the coronavirus pandemic have led to explosions of use for popular videoconferencing platforms, some of which have struggled to adjust to new privacy concerns.
Marriott International says a breach may have compromised the personal data of 5.2 million customers, the second significant data breach for the hotel chain since 2018.
Popular face-to-face social networking app Houseparty is on the defensive amid claims of a data breach, offering a $1 million bounty for proof in what it believes may be a “paid commercial smear campaign.”
Due diligence, data, solvency, and supply chain management risks are just some of the issues Europe’s employers are struggling with as normal business has come to a standstill during the coronavirus pandemic.
You’re in charge of mitigating risk and protecting your organization. But how do you develop the best strategy when you aren’t sure what your opponents’ plans are? Understand how to develop a strategy that meets compliance regulations, while mitigating inevitable legislation.
With state attorneys general now fixated on “stay at home” directives amid the coronavirus pandemic, oversight of data privacy regulation may dip. But consumers—and the plaintiffs’ bar—are still watching.
The European Data Protection Board has released a statement attempting to clarify how personal data can be processed by companies during the ongoing coronavirus pandemic.
Research by consultancy firm Accenture shows companies in financial services are more concerned with guarding themselves against the impact of a data breach than realizing any financial benefits of using the data.
In this time of fear and uncertainty, it’s more critical than ever to practice good cyber-security hygiene (just think of it as the technical version of proper handwashing).
Although the coronavirus situation is constantly changing, lawyers say there are several areas of corporate life that are going to test compliance officers and which management will need greater assurance on.
The chair of the European Data Protection Board addresses things companies need to consider as they process different types of personal data in the context of the coronavirus.
Google has received its second fine to date for violating Europe’s General Data Protection Regulation; Sweden’s Data Protection Authority fined the internet giant 75 million Swedish Kroner (U.S. $7.6 million).
For the second time in a matter of four months, T-Mobile announced it has suffered a data breach. Cyber-security experts say it’s a cautionary tale about the vulnerabilities of e-mail accounts that are not properly secured.
Virgin Media is likely to be in the GDPR crosshairs after disclosing a recent breach that affected approximately 900,000 customers to the U.K.’s data regulator.
Telemedicine platform GoodRx has committed to enhancements of its consumer data protection after Consumer Reports called out its sharing practices regarding personal health information.
The U.K. Information Commissioner’s Office has fined airline Cathay Pacific £500,000 (U.S. $643,000) for failing to protect the personal data of millions of customers.
The FCC proposed fines against the four largest wireless carriers in the United States for allegedly selling access to their customers’ location information without taking reasonable measures to protect against unauthorized access.
In a letter to Congressional committee leaders, California Attorney General Xavier Becerra suggests any federal data privacy law should still allow states to have parallel enforcement authority as well as their own laws.
A company with a huge database of facial images informed its law enforcement customers this week that it suffered a data breach.
The European Commission unveiled its long-awaited plans about how it wants to regulate artificial intelligence as well as promote greater data sharing throughout the EU to stimulate further growth and competition in digital services.
The California Consumer Privacy Act seems to be in the spotlight lately, but the Illinois Biometric Information Privacy Act should not be overlooked.
The Irish Data Protection Commission received 7,215 complaints during the first full year the General Data Protection Regulation was in force, representing a 75 percent increase on 2018’s figures of just over 4,000.
Pop star Justin Bieber and Twitter CEO Jack Dorsey were among 10.6 million MGM Resorts guests to have their personal information exposed in a data breach last year, according to multiple reports.
Senator Kirsten Gillibrand (D-N.Y.) has introduced legislation to create a “Data Protection Agency” in the United States in order to oversee and enforce federal privacy mandates.
Facebook wants to play Cupid in Europe, but the Irish Data Protection Commission got its arrow in the tech giant first.
The business community was already rushing to comply with the CCPA’s Jan. 1 effective date. But does this latest change ease the way to compliance or just raise more questions?
The DOJ announced four members of the Chinese military have been indicted on charges of hacking into the computer systems of Equifax, ultimately resulting in the largest-ever breach of consumer data. From an ERM standpoint, the indictment offers an inside look at the making of a Chinese cyber-attack.
The wheels to the United Kingdom’s exit from the European Union are finally in motion, but the hard work still remains as to what kind of future trading relationship the country has with the single market.
Ireland’s data regulator has announced new investigations into Google and MTCH Technology Services—the company behind dating app Tinder—over complaints users’ personal data is being misused in violation of the GDPR.
A lawsuit filed against online retailer Hanna Andersson and its e-commerce platform Salesforce is among the first to cite the fledgling California Consumer Privacy Act in its judgment sought.
Mastercard CEO Ajay Banga cites concerns with compliance, data management, and making money within regulatory constraints among the reasons his company left the Facebook-led Libra Association late last year.
Compliance Week is proud to announce its first four finalists for the “Excellence in Compliance Awards,” a newly formed program that recognizes individual achievement in one of 13 categories relating to risk and compliance.
Germany is staying ahead of the game with an advanced crackdown on data privacy and competition law violations.
Avast maintains it always acted “fully within legal bounds,” but the British cyber-security company terminated the provision of data to its analytics arm, Jumpshot, after being accused of putting users’ privacy at risk.
Insufficient time to prepare was the argument invoked by five advertising trade bodies this week when requesting a further delay to the enforcement of the newly enacted California Consumer Privacy Act
Facebook has reached a $550 million settlement in principle in connection with a class-action lawsuit it faced in Illinois over violations of a state biometric law.
The Commodity Futures Trading Commission will become the first federal agency to adopt the National Institute of Standards and Technology Privacy Framework, the agency has announced.
Microsoft made headlines when it was discovered that nearly 250 million customer service and support records were exposed on the Web through several unsecured cloud servers. But that’s only a glimpse into wider cloud-security weaknesses throughout the industry.
Democratic Sens. Ron Wyden and Sherrod Brown and Rep. Anna Eshoo sent a letter to the Federal Trade Commission urging the agency to investigate Envestnet’s selling practices regarding consumer financial data.
DLA Piper’s latest data breach survey suggests the penalties handed out under the General Data Protection Regulation thus far are not as harsh as they could have been—though that could change in 2020.
A recent Webinar, and complementary report, from NAVEX Global offers a look at the top 10 risk and compliance trends for 2020.
More firms have been stymied by the General Data Protection Regulation.
The Norwegian Consumer Council, a consumer rights champion, has uncovered a serious no-no in the world of GDPR: popular apps sharing user data, such as religious beliefs and sexual preferences, to advertising and marketing firms in order to drive their own revenue.
The ICO has fined Dixons Carphone for failing to take “basic, commonplace” security measures that would have alerted it to one of the country’s worst cyber-attacks.
CW Editor in Chief Dave Lefort offers 10 predictions on what will dominate compliance headlines in 2020.
Compliance Week looks back at two decades of scandals, enforcement actions, and regulatory policies (2000-2019) that shaped the compliance function we see today.
With the clock ticking toward the Jan. 1 implementation date, Compliance Week and ACA Aponix asked 100 compliance practitioners whether their company would be CCPA compliant by the deadline. Their collective answer? Nope.
Strong social stances, a dedication to doing what’s right, and leading by example highlight the qualities exemplified by our list of ethics and compliance winners of 2019.
From antitrust and privacy concerns in the tech world to compliance officer liability in the pharmaceutical industry to unethical practices in the banking and accounting professions, more than a dozen companies made Compliance Week’s list of the biggest compliance fails in 2019.
The U.K. Information Commissioner’s Office has levied its first fine under the GDPR against a London-based pharmacy. Record-setting penalties announced by the ICO in July against British Airways and Marriott are still not finalized.