Companies that operate in more than one jurisdiction that are either carrying out an internal investigation or are subject to a criminal or regulatory investigation by U.S. law enforcement agencies will almost certainly need to consider the legality of trans-Atlantic data transfers. Under European law, in particular, companies falling short in compliance with data protection […]
On March 12, 2020, the Information Commissioner’s Office (ICO), the U.K.’s data protection authority (DPA), published Guidance for data controllers on their data protection compliance obligations during the COVID-19 pandemic. The take-away point is that the ICO will take into account “the compelling public interest in the current health emergency” and will take a “reasonable […]
After the UK left the EU, at the end of January, Prime Minister Boris Johnson said the UK will now look to “develop separate and independent policies” in a number of areas, including data protection. However, in reality the UK is unlikely to stray too far from European rules or risk significant disruption. Currently, the […]
Over 160,000 data-breach notifications have been made to authorities in the 18 months since Europe’s new digital privacy regulation came into force, and the number of breaches and other security incidents being reported is on the rise. Analysis by law firm DLA Piper found that after the General Data Protection Regulation (GDPR) came into force on 25 […]
Of the 5,818 breach notifications the DPC has received since 25 May 2018, common trends include late notifications; difficulty in assessing risk ratings; failure to communicate the breach to data subjects; repeat breach notifications; and inadequate reporting. Unauthorised disclosure was the main offender; it was behind 83% of all breaches. This can include sending an […]
The EU’s General Data Protection Regulation went into effect with great fanfare in May 2018, along with great trepidation about the potential fines regulators might impose for violation of the regulation’s requirements. In the following months, regulators imposed relatively few fines, for relatively modest amounts. However, just in the last several days, the U.K. privacy […]
Introduced against the backdrop of the Facebook-Cambridge Analytica scandal, the GDPR concerns data protection and privacy for all individuals within the European Union (EU) and the wider European Economic Area (EEA). It is designed to give individuals more control over the handling of their personal information and not only imposes strict rules on the processing […]
Transition year or not, early numbers for the GDPR make clear that the policy has been a success as a breach notification law, but largely a failure when it comes to imposing fines on companies that fail to adequately protect their customers’ data. At the panel discussion, Stephen Eckersley, the head of enforcement at the […]
The Marriott data breach is under investigation in several countries where the hotel and resorts giant has a presence. In the E.U., the Information Commissioner’s Office (ICO) leads the investigation. It is the UK’s independent body set up to uphold information rights. Local authorities of each country are interested in participating as ‘supervisory authorities’ in the cooperative […]
As most readers undoubtedly are aware, the EU’s General Data Protection Regulation went into effect on May 25, 2018. Even though the regulation has only been in effect for a few months, regulators across Europe have already started levying fines under the regulation’s provisions. In the following guest post, Bill Boeck takes a look at […]
In Britain, privacy regulators announced intentions to fine Facebook £500,000 ($650,000) for sharing user data with Cambridge Analytica, the now-defunct firm embroiled in questions about Russian meddling in U.S. and European elections. In the Netherlands, regulators fined a Dutch bank $62,000 for its failure to respond in a timely fashion to a customer’s request to see […]
Recent studies call into question whether a company can insure against the unprecedented huge fines for violating the complex and vague EU privacy law, the General Data Protection Regulation (GDPR), or whether such insurance would cover liabilities arising from the new class action suits available under the GDPR. Companies with international exposure should check their […]
More than three months into the GDPR era, the UK’s data privacy watchdog, the Information Commissioner’s Office, has not fined any company yet under the severe terms of the new EU legislation. via UK watchdog has not issued any GDPR data breach-related fines yet | ZDNet.
Earlier this year when I questioned whether or not privacy-related issues might represent an important emerging area of corporate liability, I was thinking we might see privacy claims emerge over time. I was thinking a longer time frame, over the course of years. What has happened is that the privacy-related claims are materializing now. As […]
No word yet if Ticketfly falls under GDPR rules—the company primarily deals with events in the United States, so it is uncertain whether it has EU customers—but the official statement does not include the term “data breach.” Rather, it refers to the attack as a “cyber incident” and notes the information of its customers was […]