Life With GDPR: Cathay Pacific Enforcement Action
Life With GDPR: Episode 30- British Airways Data Breach Enforcement Action
E18: ICANN Loses First GDPR Court Ruling in Germany
The UK’s new Code of Practice for App Store Operators and App Developers provides companies with privacy-related resources. It also highlights ICO privacy expectations. Participating in the code is done by voluntarily...more
In this month’s Privacy & Cybersecurity Update, we review Connecticut’s passage of a comprehensive privacy law (making it the fifth state to do so), the newly enacted federal Better Cybercrime Metrics Act, New York’s new law...more
On September 10, the U.K. government launched a consultation “Data: A New Direction” (Consultation), which proposes significant changes to the U.K.’s data protection framework. The U.K. government has signalled its...more
With the UK now unambiguously out of the EU, the EU General Data Protection Regulation (2016/679) (“EU GDPR”) has been replaced by the United Kingdom General Data Protection Regulation (“UK GDPR”). In this third instalment of...more
United States - Regulatory—Policy, Best Practices, and Standard - NIST Unveils Draft Guidance to Protect Critical Infrastructure - On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - NIST Releases Revision to Security Standard - On September 23, the National Institute of Standards and Technology ("NIST") released Revision 5 to...more
Hot on the heels of the £20 million fine issued to British Airways, the Information Commissioner’s Office (“ICO“) has issued Marriott International Inc. (“Marriott“) with a long-awaited penalty notice for its failure to...more
Few will have been surprised that, when the ICO eventually published details of the BA and Marriott fines, the final penalties were very much lower than the £183+ million and £99+ million proposed in the original notices of...more
On 30 October 2020, the UK’s data privacy regulator, the Information Commissioner’s Office (ICO) issued a final penalty notice (Penalty Notice) to fine the hotel chain Marriott International, Inc. (Marriott) for a GDPR data...more
The UK Information Commissioner’s Office (ICO) has recently handed down two of the largest fines relating to a data breach in UK history. In August 2018, British Airways (BA) was subject to a cyberattack which breached the...more
At £20 million, the fine imposed on British Airways (BA) for its infringement of the General Data Protection Regulation is the biggest fine of its kind in the history of the U.K.’s Information Commissioner’s Office (ICO)....more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - Cybersecurity Standards Issued for Government Contractors - On January 31, the Office of the Under Secretary of Defense for Acquisition and...more
States Consider Privacy and Data Security Legislation - It’s that time of year again, when we see a flood of legislative activity at the state level on privacy and data security laws. A couple of recent examples are below....more
The UK Supervisory Authority (the ICO) has had a headline-busting month. On July 9, 2019, the ICO announced its intention to fine Marriott International more than £99 million under the GDPR (General Data Protection...more
In early July, a global hospitality company announced in a U.S. Securities and Exchange Commission (SEC) filing that it had been fined more than $124 million (more than £99 million) by the United Kingdom's Information...more
On July 8, 2019, the UK Information Commissioner’s Office (ICO) announced its intention to fine British Airways GBP 183.39 million over a data breach in which the personal data of approximately 500,000 customers was...more
GDPR fines are seemingly like buses, you wait over a year for enforcement action by the UK’s data supervisory authority, the ICO, and then two come along at once – and with quite dramatic effect. The ICO has stretched its...more
British Data Protection Authority Flexes GDPR Enforcement Muscles - No longer is the bark of sanctions for lax data protection practices worse than its bite. The Information Commissioner’s Office (ICO)—the United Kingdom's...more
Key Takeaways - - The proposed £183 million and £99.2 million fines against British Airways and Marriott, respectively, by the UK’s ICO emphasise: - The need for companies to maintain appropriate data protection practices...more
The ICO issued notices of intent to fine British Airways and Marriott. What happened? On 8 July 2019, the UK Information Commissioner’s Office (ICO) announced a notice of intent to fine British Airways £183.39 million (about...more
Any doubt that the world of data protection changed profoundly when the European Union’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018, were solidly dispelled when the United Kingdom’s Information...more
On 8 July 2019, the U.K. Information Commissioner’s Office (ICO) issued a Notice of Intent to fine British Airways (BA) £183.39 million (approximately $232 million). While the Notice of Intent, as the name suggests, is not a...more
On July 8, 2019, the Information Commission’s Office (ICO) announced its intention to fine British Airways £183.39M ($230M), for infringements of the General Data Protection Regulation (GDPR)....more
If you wait for them, the big General Data Protection Regulation (GDPR) fines will come. UK Data protection authority, ICO, announced its intent to fine British Airways 183 million GBP (1.5 percent of annual revenue) for a...more
An English-Language Primer on Germany’s GDPR Implementation Statute. Expanding on his recent article for Bloomberg BNA, Alston & Bird associate Dan Felz offers a multipart primer on Germany’s new GDPR implementation statute....more