On November 30, 2022, the UK government confirmed that the Network and Information Systems Regulations 2018 will be strengthened to protect essential and digital services against cyber attacks.
Continue Reading UK Cyber Laws Extended to Bring Outsourcers and Managed Service Providers into Scope to Strengthen UK’s Resilience Against Online Cyber Attacks
Enforcement
Google Enters into Agreement with DOJ over 2016 Search Warrant Data Loss
Posted on
Posted in Enforcement, U.S. Federal Law
On October 25, 2022, the U.S. Department of Justice announced that Google had entered into an agreement to resolve a dispute over the loss of data responsive to a search warrant issued in 2016.
Continue Reading Google Enters into Agreement with DOJ over 2016 Search Warrant Data Loss
$100M FTC Enforcement Action Against Internet Phone Service Provider for Dark Patterns
Posted on
Posted in Enforcement, Online Privacy
On November 3, 2022, the Federal Trade Commission announced a proposed order to settle an action against an internet phone service provider, Vonage, that would require Vonage to pay $100 million in refunds to customers harmed by its practices, which the FTC alleged included “dark patterns” that made it difficult for customers to cancel their service. …
Continue Reading $100M FTC Enforcement Action Against Internet Phone Service Provider for Dark Patterns
CPPA Releases New Modified Proposed CPRA Regulations
Posted on
On November 3, 2022, the California Privacy Protection Agency released new modified proposed California Privacy Rights Act regulations, which make updates to the draft CPRA regulations released on October 17, 2022. …
Continue Reading CPPA Releases New Modified Proposed CPRA Regulations
Colorado AG Publishes Draft Colorado Privacy Act Rules
Posted on
Posted in Enforcement, U.S. State Law
Last month, the Colorado Attorney General’s Office submitted an initial draft of the Colorado Privacy Act Rules, which will implement and enforce the Colorado Privacy Act.
Continue Reading Colorado AG Publishes Draft Colorado Privacy Act Rules
FTC Takes Action Against Drizly and its CEO for Alleged Security Failures that Exposed Data of 2.5 Million Consumers
Posted on
On October 24, 2022, the Federal Trade Commission announced a proposed consent order with Drizly, an online alcohol ordering and delivery service, and the company’s CEO, for the company’s alleged failure to maintain appropriate security safeguards that led to a data breach that affected 2.5 million consumers’ personal information. …
Continue Reading FTC Takes Action Against Drizly and its CEO for Alleged Security Failures that Exposed Data of 2.5 Million Consumers
UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations
Posted on
On October 24, 2022, the UK Information Commissioner’s Office issued a £4.4 million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the GDPR, during the period of March 2019 to December 2020.
Continue Reading UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations
New York Legislature Considers New York Child Data Privacy and Protection Act
Posted on
On September 23, 2022, New York State Senator Andrew Gounardes introduced S9563, also known as the “New York Child Data Privacy and Protection Act.” …
Continue Reading New York Legislature Considers New York Child Data Privacy and Protection Act
NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations
Posted on
On October 18, 2022, the New York State Department of Financial Services announced that EyeMed Vision Care LLC agreed to a $4.5 million settlement for violations of the Cybersecurity Regulation that contributed to the exposure of hundreds of thousands of consumers’ health data in connection with a cybersecurity event in 2020.
Continue Reading NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations
CNIL Fines Clearview AI 20 Million Euros for Unlawful Use of Facial Recognition Technology
Posted on
On October 17, 2022, the French Data Protection Authority imposed a €20 million fine on Clearview AI for unlawful use of facial recognition technology.
Continue Reading CNIL Fines Clearview AI 20 Million Euros for Unlawful Use of Facial Recognition Technology