n May 18, 2023, the Federal Trade Commission announced it is seeking comment to proposed changes to the Health Breach Notification Rule.
Continue Reading FTC Proposes Amendments to Health Breach Notification Rule
Security Breach
FTC Brings Enforcement Action Against Pregnancy App for Sharing Sensitive Data
On May 17, 2023, the Federal Trade Commission issued a consumer alert regarding the Premom Ovulation Tracker app sharing of sensitive information with third parties without users’ permission.
Continue Reading FTC Brings Enforcement Action Against Pregnancy App for Sharing Sensitive Data
UK Regulators Urge Capita PLC Clients to Assess Effects of Data Breach
On March 22, 2023, Capita PLC experienced a cyber incident which it announced in a press release on April 3, 2023 and an update on April 20, 2023. …
Continue Reading UK Regulators Urge Capita PLC Clients to Assess Effects of Data Breach
The UK Data Protection Regulator Fines TikTok £12.7 Million
On April 4, 2023, the data protection regulator of the UK, the Information Commissioner’s Office, issued a fine of a £12.7 million to TikTok Information Technologies UK Limited and TikTok Inc for a number of breaches of UK data protection law, including failing to use children’s personal data lawfully. …
Continue Reading The UK Data Protection Regulator Fines TikTok £12.7 Million
CNIL issues €125,000 Fine Against E-Scooter Rental Company
On March 28, 2023, the French Data Protection Authority announced a €125,000 fine on the e-scooter rental company Cityscoot for breaching EU and French data protection rules, in particular in the context of geolocation and use of Google reCAPTCHA. …
Continue Reading CNIL issues €125,000 Fine Against E-Scooter Rental Company
New York Attorney General Settles with Law Firm Over Data Breach
On March 27, 2023, New York Attorney General Letitia James announced that a New York-based law firm had agreed to pay $200,000 in penalties and enhance its cybersecurity practices to settle charges stemming from a 2021 data breach. …
Continue Reading New York Attorney General Settles with Law Firm Over Data Breach
SEC Advances Three New Cybersecurity Rule Proposals
On March 15, 2023, the Securities and Exchange Commission proposed three rules related to cybersecurity and the protection of consumers’ information.
Continue Reading SEC Advances Three New Cybersecurity Rule Proposals
NCUA Board Approves Cyber Incident Reporting Requirement for Credit Unions
On February 16, 2023, the National Credit Union Administration Board unanimously approved a final rule requiring federally insured credit unions to notify the NCUA as soon as possible, within 72 hours, after the FCIU “reasonably believes” that a reportable cyber incident has occurred.
Continue Reading NCUA Board Approves Cyber Incident Reporting Requirement for Credit Unions
GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action
On February 1, 2023, the Federal Trade Commission announced that it entered into a proposed order with GoodRx, a telehealth and prescription drug discount provider, for violations of the FTC’s Health Breach Notification Rule stemming from GoodRx’s unauthorized disclosures of consumers’ personal health information to third party advertisers and other companies.
Continue Reading GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action
Meta Fined €390 Million by Irish DPC for Alleged Breaches of GDPR, Including in Behavioral Advertising Context
On January 4, 2023, the Irish Data Protection Commission announced the conclusion of two inquiries into the data processing practices of Meta Platforms, Inc. on the Instagram and Facebook platforms. …
Continue Reading Meta Fined €390 Million by Irish DPC for Alleged Breaches of GDPR, Including in Behavioral Advertising Context