On March 31, 2021, the Dutch Data Protection Authority, announced a fine of 475,000 Euros for Dutch headquartered online travel agency Booking.com for failure to report a data breach within 72 hours of becoming aware of the incident in 2019.
Continue Reading Dutch Regulator Fines Booking.com 475,000 Euros for Late Breach Reporting
Enforcement
OCR Continues to Settle HIPAA Right of Access Initiative Cases
Posted on
The U.S. Department of Health and Human Services’ Office for Civil Rights recently announced more settlements associated with its HIPAA Right of Access Initiative.…
Continue Reading OCR Continues to Settle HIPAA Right of Access Initiative Cases
Board Members Appointed to California Privacy Protection Agency
Posted on
Posted in Enforcement, U.S. State Law
As reported by Bloomberg Law, on March 17, 2021, the five board members of the California Privacy Protection Agency were announced.…
Continue Reading Board Members Appointed to California Privacy Protection Agency
NYDFS Settles with Mortgage Company for Data Breach
Posted on
The New York Department of Financial Services recently announced it had entered into a settlement with Residential Mortgage Services, Inc. related to allegations that the company violated the NYDFS Cybersecurity Regulation in connection with a 2019 data breach. …
Continue Reading NYDFS Settles with Mortgage Company for Data Breach
CNIL Fines a Data Controller and Its Processor 225,000 Euros for Security Violation in Connection with Credential Stuffing
Posted on
On January 27, 2021, the French Data Protection Authority announced that it imposed a fine of 150,000 Euros on a data controller, and a fine of 75,000 Euros on its data processor, for failure to implement adequate security measures to protect customers’ personal data against credential stuffing attacks on the website of the data controller. The CNIL decided not to make its decisions public, thereby not disclosing the name of the companies sanctioned.…
Continue Reading CNIL Fines a Data Controller and Its Processor 225,000 Euros for Security Violation in Connection with Credential Stuffing
FTC Pursues Advertising Network that Failed to Deliver In-Game Rewards in Exchange for Payment or Personal Information
Posted on
As reported on the Hunton Retail Law Resource blog, the Federal Trade Commission settled charges with mobile advertising company Tapjoy, Inc., on allegations that the company failed to provide promised rewards in exchange for completed activities such as the payment of money, disclosure of sometimes-sensitive personal information or registration for “free trial” marketing offers.…
Continue Reading FTC Pursues Advertising Network that Failed to Deliver In-Game Rewards in Exchange for Payment or Personal Information
FTC Announces Proposed Settlement with App Developer over Alleged Deceptive Practices
Posted on
On January 11, 2021, the FTC announced that Everalbum, Inc. (“Everalbum”), developer of the “Ever” photo storage app, agreed to a settlement over allegations that the company deceived consumers about its use of facial recognition technology and its retention of the uploaded photos and videos of users who deactivated their accounts.…
Continue Reading FTC Announces Proposed Settlement with App Developer over Alleged Deceptive Practices
FTC Announces Enforcement for Inadequate Third-Party Risk Management Practices Under the GLBA’s Safeguards Rule
Posted on
On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company, to resolve allegations that the company failed to ensure one of its vendors was adequately securing personal information of mortgage holders.…
Continue Reading FTC Announces Enforcement for Inadequate Third-Party Risk Management Practices Under the GLBA’s Safeguards Rule
FTC Issues Orders to Nine Social Media and Video Streaming Service Companies Regarding Privacy Practices
Posted on
On December 14, 2020, the Federal Trade Commission announced that it had issued orders to nine social media and video streaming companies, requesting information on how the companies collect, use and present personal information, their advertising and user engagement practices and how their practices affect children and teens.…
Continue Reading FTC Issues Orders to Nine Social Media and Video Streaming Service Companies Regarding Privacy Practices
Irish DPA Issues Fine of 450,000 Euros Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism
Posted on
On December 15, 2020, the Irish Data Protection Commission announced its fine of 450,000 Euros against Twitter International Company, following its investigation into a breach resulting from a bug in Twitter’s design. The fine is the largest issued by the Irish DPC under the GDPR to date and is also its first against a U.S.-based organization. …
Continue Reading Irish DPA Issues Fine of 450,000 Euros Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism