On November 24, 2020, a multistate coalition of Attorneys General announced that The Home Depot, Inc. agreed to pay $17.5 million and implement a series of data security practices in response to a data breach the company experienced in 2014.
Continue Reading Home Depot Agrees to Pay $17.5 Million in Multistate Settlement Following 2014 Data Breach
Security Breach
ICO Fines Ticketmaster £1.25 Million for Security Failures
Posted on
On November 13, 2020, the UK Information Commissioner’s Office fined Ticketmaster UK Limited £1.25 million for failing to keep its customers’ personal data secure.…
Continue Reading ICO Fines Ticketmaster £1.25 Million for Security Failures
ICO Fines Marriott International £18.4 Million for Security Breach
Posted on
Posted in International, Security Breach
On October 30, 2020, the UK Information Commissioner’s Office announced its fine of £18.4 for Marriott International, Inc., for violations of the GDPR, a significant decrease from the proposed fine of £99,200,396 announced in July 2019.…
Continue Reading ICO Fines Marriott International £18.4 Million for Security Breach
China Issues Draft of Personal Information Protection Law
Posted on
On October 21, 2020, China issued its draft of Personal Information Protection Law for public comments. This blog entry provides highlights on the draft law.…
Continue Reading China Issues Draft of Personal Information Protection Law
ICO Fines British Airways £20 Million for Security Breach
Posted on
Posted in International, Security Breach
On October 16, 2020, the UK Information Commissioner’s Office announced its fine of £20,000,000 for British Airways for violations of the GDPR, which is a significant decrease from the proposed fine of £183,390,000 from July 2019. …
Continue Reading ICO Fines British Airways £20 Million for Security Breach
42 States and District of Columbia Enter into $39.5 Million Agreement with Anthem to Settle Breach-Related Claims
Posted on
Posted in Security Breach
On September 30, 2020, Anthem, Inc., entered into an assurance of voluntary compliance with the attorneys general of 42 states and the District of Columbia to resolve claims under state and federal law relating to Anthem’s 2015 data breach of personal information and protected health information, the largest breach of PHI in history.…
Continue Reading 42 States and District of Columbia Enter into $39.5 Million Agreement with Anthem to Settle Breach-Related Claims
OCR Settles with Orthopedic Clinic for $1.5 Million for Alleged HIPAA Noncompliance
Posted on
Posted in Health Privacy, Security Breach
On September 21, 2020, the U.S. Department of Health and Human Services Office for Civil Rights announced a $1.5 million settlement with Athens Orthopedic Clinic PA for alleged violations of the HIPAA Privacy and Security Rules.…
Continue Reading OCR Settles with Orthopedic Clinic for $1.5 Million for Alleged HIPAA Noncompliance
ICO Publishes Its Accountability Framework
Posted on
On September 9, 2020, the UK Information Commissioner’s Office published an Accountability Framework, designed to assist organizations in complying with their accountability obligations under the EU General Data Protection Regulation.…
Continue Reading ICO Publishes Its Accountability Framework
EU Council Imposes First-Ever Sanctions against Cyber Attacks
Posted on
On July 30, 2020, the Council of the European Union imposed for the first time restrictive measures against six individuals and three entities responsible for or involved in various cyber attacks. …
Continue Reading EU Council Imposes First-Ever Sanctions against Cyber Attacks
NYDFS Files First Cybersecurity Enforcement Action
Posted on
On July 22, 2020, the New York Department of Financial Services announced its first enforcement action under the NYDFS Cybersecurity Regulation since the rules went into effect in March 2017.…
Continue Reading NYDFS Files First Cybersecurity Enforcement Action