Tag

Enforcement

Browsing

In this episode, Cynthia Cole, IP & Technology Partner based in Palo Alto, is joined by Jerome Tomas, Chair of the Firm’s Securities and Exchange (SEC) and Financial Institutions Enforcement Group based in Chicago, as the two discuss the SEC’s recently issued Final Rules for Cyber and what this means for public companies. Listen in to learn more about: Why should you care? The SEC has brought enforcement actions before based on data breach disclosure-what’s different…

In brief The European Data Protection Board (EDPB) has begun the 2023 iteration of its annual coordinated enforcement action under the General Data Protection Regulation (GDPR). In coordination with twenty-six EDPB Supervisory Authorities (SAs), the EDPB will analyze the roles, tasks, resources, and positions of Data Protection Officers (DPOs) in public and private sector organizations. DPOs should expect to receive requests soon from Supervisory Authorities to respond to questionnaires intended to aid that analysis, describing…

General purpose After several attempts to classify the content of video games in Mexico, the Ministry of Interior (SEGOB) on November 27, 2020, published the General Guidelines of the Mexican System of Classification Equivalencies for Video Game Content. It is more likely than not that the Mexican government borrowed a page from the Entertainment Software Rating Board (ESRB) classification system applied in United States. Moreover, the guidelines set the content specifications for classification purposes, specifying…

Brian Hengesbaugh is joined by Jessica Nall, partner in Baker McKenzie’s San Francisco/Palo Alto office. Jessica and Brian discuss the series of cybersecurity incidents former giant Yahoo experienced in 2013 and 2014, and Jessica’s lessons learned as a lead attorney representing individuals in those cases in the following government investigations in 2016. Listen in to hear: What went wrong in the case, and why those failures remain relevant todayHow companies can avoid becoming a target…

In this episode of Connect On Tech, your host Brian Hengesbaugh is joined by Amy de La Lama, a partner in our Chicago office. Amy and Brian discuss a top of mind topic: telehealth, and the changes to US privacy regulations or enforcement priorities that evolve in response to the COVID-19 pandemic. You will hear: A summary of the current regulatory environment in the US regarding to privacy and telehealthHow US authorities taken steps to…

On March 2, 2020, the Dutch Data Protection Authority (DDPA) published its notice of a monetary penalty notice, issued under the General Data Protection Regulation against the Dutch National Tennis Association. A fine in the amount of € 525,000 was imposed for the – allegedly – unauthorized sale of member data to the Association’s sponsors. This decision is relevant as it is the first monetary fine issued by the DDPA which relates to (direct) marketing…

On February 25, 2020, the Federal Trade Commission released its 2019 Privacy and Security Update summarizing the year’s privacy and data security enforcement actions. And, by all accounts, it was a busy year for the privacy enforcement community. Privacy Enforcement Actions The most significant FTC enforcement action in 2019 – in fact, the largest consumer privacy fine ever imposed on any company in the world – was the Commission’s $5 billion penalty against a social…

In recent years, South Korea has become synonymous with some of the strictest data protection laws and regulatory requirements in the region. The laws are regulated by the Korea Communications Commission (KCC), the Ministry of the Interior and Safety (MOIS), and other sector-specific supervisory authorities. Recent amendments to these three laws have resulted in stricter penalties, as well as criminal prosecution for data security breaches. Privacy Officer found guilty of criminal negligence for failing to…

The Federal Trade Commission (FTC) finalized settlements with five companies for claiming EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield certification. Those companies included organizations focused on providing workforce solutions, collaboration platforms, artificial intelligence analytics, clinical trial management, and other IT providers. The actions In each case, the FTC alleged that each company wrongfully claimed current certification under either the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield. Both frameworks establish a mechanism for companies to legally…

On 10 January 2018, the UK ICO issued a fine to Carphone Warehouse amounting to £400,000, close to the maximum (of £500,000) under its current powers within the current (pre-GDPR) law. Carphone Warehouse’s computer systems, which contained significant amounts of personal data including customer and employee records as well as historic transaction details, had been the subject of an external cyber-attack.The ICO focussed on what it saw as a series of basic errors which a…