Wait, that’s covered? Insurability of Fines and Penalties Flowing From a Cybersecurity Breach
FCPA Compliance and Ethics Report-Episode 31-the FCPA Year in Review, Corporate Enforcement Actions
FCPA Compliance and Ethics Report-Episode 30-Interview with the FCPA Professor-Part 2
Condo complaints not in writing?
Health Data on Leased Photocopier Costs Company $1.2m—What Others Can Learn
Warum ist das relevant? Bei Verstößen gegen das Datenschutzrecht drohen Unternehmen insbesondere zwei Konsequenzen: Maßnahmen der Datenschutzaufsichtsbehörden inkl. möglicher DSGVO-Geldbußen nach Art. 83 DSGVO sowie...more
The Federal Communications Commission (FCC) has announced that it has levied almost $200 million in fines against “the nation’s largest wireless carriers for illegally sharing access to customers’ location information without...more
The Information Commissioner's Office (the "ICO") has clarified the methods it will use to calculate the fines it will issue for breaches of data privacy law in the UK by publishing its latest Data Protection Fining Guidance...more
Die europäischen Datenschutzbehörden haben eine koordinierte Prüfaktion mit Fokus auf das Auskunftsrecht gem. Art. 15 DSGVO gestartet. Dabei handelt es sich um eines der in der Praxis bedeutsamsten Datenschutzrechte, gerade...more
Warum ist das relevant? Die bisherige deutsche Rechtslage ging davon aus, dass die bloße Feststellung eines Datenschutzverstoßes durch ein Unternehmen für die Verhängung einer Geldbuße nicht ausreichend war. Vielmehr musste...more
Avast Limited, a United Kingdom-based company that marketed its browser extensions and antivirus software to protect consumer privacy did just the opposite—storing consumer browsing data indefinitely and selling it...more
Easily track, manage, archive, and audit consumer data requests, subject access requests (SARS), and other processes needed to keep your company compliant. In an era of increasing scrutiny and activity surrounding data...more
Paying the $1.3 million fine is the easy part. Complying with the CAP is a different undertaking. On Sept. 11, 2023, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced an...more
Florida has joined the growing list of states enacting comprehensive privacy laws. Governor Ron DeSantis (R) signed the Florida Digital Bill of Rights (“FDBR”) into law on June 6th. How does it compare?...more
The Volunteer State became the eighth state to enact a comprehensive data privacy law after Gov. Bill Lee (R) signed the Tennessee Information Protection Act (“TIPA”) into law yesterday, May 11. Tennessee joins a growing...more
Indiana's New Law is on the Books - Last month, three more state legislatures passed comprehensive data privacy laws. Just this week, Indiana’s governor signed one of them - the Indiana Consumer Data Privacy Act (“ICDPA’) -...more
In February 2023, the Brazilian National Data Protection Authority (ANPD) published the rules for the application of sanctions and the methodology for calculating fines for violation of their General Data Protection Law...more
On January 19, the Irish Data Protection Commission (DPC) announced the conclusion of an inquiry into the data processing practices of a U.S.-based messaging service’s Ireland operations and fined the messaging service €5.5...more
Pelosi Statement Dims the Lights on ADPPA - The prospects for the nation’s first comprehensive data privacy law, the American Data Privacy and Protection Act (the “ADPPA” or the “Bill”), dimmed after House Speaker Nancy...more
Ireland’s Data Privacy Commissioner will reportedly fine Instagram for its handling of children’s data. According to an investigation that began in 2020, Instagram published emails and phone numbers for children ages 13 to 17...more
On Aug. 24, 2022, California Attorney General Rob Bonta (AG) announced the first public fine for failure to comply with the California Consumer Privacy Act (CCPA). Beauty products retailer Sephora Inc. agreed in a settlement...more
On August 24, 2022, the California Attorney General’s Office (“AG”) issued a press release regarding a settlement with Sephora, Inc. over allegations that the company violated the California Consumer Privacy Act (“CCPA”) and...more
Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more
Keypoint: As it did last year, the Oklahoma House passed a consumer data privacy bill. On March 23, 2022, the Oklahoma House voted 74-15 (with 11 excused) to pass Representative Collin Walke’s HB2969 – the Oklahoma...more
A data breach can be the result of a cyber/ransomware attack or an honest mistake. Either way, the potential impact of compromised data is huge. This impact can be financial (in the form of fines) and reputational (by...more
A California-based lead generation company recently settled with the FTC for $1.5 million over alleged privacy violations. The FTC argued that the company deceptively acquired consumer personal information and improperly...more
Despite the great strides companies have made to mitigate the risks associated with security breaches, including putting insurance in place to cover those risks, cyber criminals have remained two steps ahead, finding new and...more
One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess fines and penalties for...more
The New Jersey Attorney General’s Office and Division of Consumer Affairs recently announced that two New Jersey-based printing companies, Command Marketing Innovations, LLC (CMI) and Strategic Content Imaging, LLC (SCI),...more
This year has seen further record GDPR fines levied by Data Protection Authorities, however, a second “under the radar” risk exists—namely, being sued for damages. Today we saw a sea-change case (Lloyd v Google) ruling by...more