Tag

Enforcement

Browsing

In this episode of Connect On Tech, your host Brian Hengesbaugh is joined by Amy de La Lama, a partner in our Chicago office. Amy and Brian discuss a top of mind topic: telehealth, and the changes to US privacy regulations or enforcement priorities that evolve in response to the COVID-19 pandemic. You will hear: A summary of the current regulatory environment in the US regarding to privacy and telehealthHow US authorities taken steps to…

On March 2, 2020, the Dutch Data Protection Authority (DDPA) published its notice of a monetary penalty notice, issued under the General Data Protection Regulation against the Dutch National Tennis Association. A fine in the amount of € 525,000 was imposed for the – allegedly – unauthorized sale of member data to the Association’s sponsors. This decision is relevant as it is the first monetary fine issued by the DDPA which relates to (direct) marketing…

On February 25, 2020, the Federal Trade Commission released its 2019 Privacy and Security Update summarizing the year’s privacy and data security enforcement actions. And, by all accounts, it was a busy year for the privacy enforcement community. Privacy Enforcement Actions The most significant FTC enforcement action in 2019 – in fact, the largest consumer privacy fine ever imposed on any company in the world – was the Commission’s $5 billion penalty against a social…

In recent years, South Korea has become synonymous with some of the strictest data protection laws and regulatory requirements in the region. The laws are regulated by the Korea Communications Commission (KCC), the Ministry of the Interior and Safety (MOIS), and other sector-specific supervisory authorities. Recent amendments to these three laws have resulted in stricter penalties, as well as criminal prosecution for data security breaches. Privacy Officer found guilty of criminal negligence for failing to…

The Federal Trade Commission (FTC) finalized settlements with five companies for claiming EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield certification. Those companies included organizations focused on providing workforce solutions, collaboration platforms, artificial intelligence analytics, clinical trial management, and other IT providers. The actions In each case, the FTC alleged that each company wrongfully claimed current certification under either the EU-U.S. Privacy Shield or Swiss-U.S. Privacy Shield. Both frameworks establish a mechanism for companies to legally…

On 10 January 2018, the UK ICO issued a fine to Carphone Warehouse amounting to £400,000, close to the maximum (of £500,000) under its current powers within the current (pre-GDPR) law. Carphone Warehouse’s computer systems, which contained significant amounts of personal data including customer and employee records as well as historic transaction details, had been the subject of an external cyber-attack.The ICO focussed on what it saw as a series of basic errors which a…

On 27 January, the data protection authority in the Netherlands (“Dutch DPA”) published its main policy priorities (so called “themes”) for the year 2017. Apart from the GDPR, the themes include: profiling, special / sensitive personal data and data security. For companies doing business in the Netherlands, the Dutch DPA’s enforcement agenda is relevant, as it is one of the very few sources to rely on when trying to assess enforcement risks and exposure. Here…

Nearly every company in the world is struggling to effectively manage the broad range of legal and operational risks associated with data. Data is everywhere, and everyone is working to maximize its organizational value, while avoiding wrongful disclosures, theft of informational assets, and the losses related to the costly legal fallout. This is the result, in large part, of new legislation, heightened regulatory scrutiny and marketplace expectations, and increased dependence on service providers for core…