Wait, that’s covered? Insurability of Fines and Penalties Flowing From a Cybersecurity Breach
FCPA Compliance and Ethics Report-Episode 31-the FCPA Year in Review, Corporate Enforcement Actions
FCPA Compliance and Ethics Report-Episode 30-Interview with the FCPA Professor-Part 2
Condo complaints not in writing?
Health Data on Leased Photocopier Costs Company $1.2m—What Others Can Learn
X Agrees to Stop Processing EU Data to Train its Grok AI - Ireland’s Data Protection Commission (“DPC”) recently filed an urgent High Court application against X (formerly Twitter) for using the personal data of European...more
On July 24, the Massachusetts Legislature passed legislation that will impact many Massachusetts employers in terms of their “pay transparency practices” for current employees and future applicants....more
New Hampshire’s New Law is on the Books - 2023 was a record-breaking year, with legislators in Delaware, Indiana, Iowa, Montana, Oregon, Tennessee and Texas passing comprehensive data privacy laws, joining California,...more
Avast Limited, a United Kingdom-based company that marketed its browser extensions and antivirus software to protect consumer privacy did just the opposite—storing consumer browsing data indefinitely and selling it...more
Could Artificial Intelligence (AI) increase the likelihood of an IRS audit in your future? How does the IRS use AI to identify US taxpayers who attempt to hide assets, under-report income or otherwise cheat the IRS? In...more
The Volunteer State became the eighth state to enact a comprehensive data privacy law after Gov. Bill Lee (R) signed the Tennessee Information Protection Act (“TIPA”) into law yesterday, May 11. Tennessee joins a growing...more
On January 19, the Irish Data Protection Commission (DPC) announced the conclusion of an inquiry into the data processing practices of a U.S.-based messaging service’s Ireland operations and fined the messaging service €5.5...more
Pelosi Statement Dims the Lights on ADPPA - The prospects for the nation’s first comprehensive data privacy law, the American Data Privacy and Protection Act (the “ADPPA” or the “Bill”), dimmed after House Speaker Nancy...more
The Federal Trade Commission (FTC) and Department of Justice (DOJ) recently ordered Twitter to pay $150 million for violating a 2011 FTC order that prohibited the company from misrepresenting its privacy and data security...more
When it comes to making sure financial data is safe and meets compliance regulations, understanding the different regulatory bodies and how they affect your organization is a vital first step. Two of the most common...more
Companies have always had requirements to retain records in accordance with laws and regulations—and to dispose of them once those obligations were no longer in force. But by and large, most haven’t done so in any consistent,...more
On September 2, 2021, EU regulators fined Facebook-owned chat service, WhatsApp, £225 million (around $266 million) for failing to fully disclose its user data collection and sharing practices. This is the second largest fine...more
CEP Magazine (December 2020) - The Hamburg Data Protection Authority issued their largest fine ever under the General Data Protection Regulation (GDPR) for employee-related offenses. A fine of more than €35 million was...more
Report on Supply Chain Compliance 3, no. 16 (August 20, 2020) - After Twitter disclosed in October 2019 that it had used sensitive information for marketing purposes, investigations by the Federal Trade Commission (FTC)...more
Since the first enforcement actions have been initiated, some with significant fines, many companies may find themselves somewhat at a loss as they may not fully know how to assess the risks involved and how to react should...more
Under Russian Data Protection Law, when collecting personal data, data operators (controllers) must ensure that recording, systematization, accumulation, storage, updating and extraction of personal data relating to Russian...more
On 21 November 2019 a bill imposing multi-million Ruble (RUB) fines for infringing Russian data localization and information security laws passed the last hearing at the State Duma. This likely means that the bill will become...more
The Data Protection Supervisory Authority for the state of Berlin (Die Berliner Beauftragte für Datenschutz und Informationsfreiheit, “Supervisory Authority”) recently issued a fine for GDPR violations against Germany’s...more
The Spanish supervisory authority agencia española protección datos (“Supervisory Authority”) has issued a fine against an airline based on their use of a cookie banner, which the Supervisory Authority considered not to be...more
Big Picture Takeaways: Facebook faces many detailed requirements for internal and external governance and oversight with extensive reporting requirements...more
On June 13, 2019, a new draft bill imposing multi-million Ruble (RUB) fines for infringing Russian data localization and information security laws—multiplying the maximum penalty under current law by a magnitude of 240—was...more
In this episode of OnRisk, Lucas Tanglen and Jeff Meagher discuss the cyber insurance implications of the European Union’s new privacy regulation—the General Data Protection Regulation or GDPR. The GDPR, which took effect on...more
In this month's edition of our Privacy & Cybersecurity Update, we examine the European Data Protection Board's published opinions on data protection impact assessments, an Ohio court's ruling that bitcoin is covered insured...more
I recently purchased an Internet Protocol (IP) camera to monitor my dog, Ruben, during those times that he has free reign of the house. Since “RubenCam” has been online, I’m not sure he has been any less rambunctious, but I’m...more
Europe's General Data Protection Regulation (“GDPR”) became effective last Friday, May 25. That same day, the non-profit NOYB (from the colloquial “none of your business”) filed lawsuits against Google, together with...more