Security Breach

GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action

Posted on February 3, 2023

Posted in Cybersecurity, Enforcement, Health Privacy, Information Security, Security Breach

On February 1, 2023, the Federal Trade Commission announced that it entered into a proposed order with GoodRx, a telehealth and prescription drug discount provider, for violations of the FTC’s Health Breach Notification Rule stemming from GoodRx’s unauthorized disclosures of consumers’ personal health information to third party advertisers and other companies.
Continue Reading GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action

Meta Fined €390 Million by Irish DPC for Alleged Breaches of GDPR, Including in Behavioral Advertising Context

Posted on January 20, 2023

Posted in Enforcement, European Union, International, Security Breach

On January 4, 2023, the Irish Data Protection Commission announced the conclusion of two inquiries into the data processing practices of Meta Platforms, Inc. on the Instagram and Facebook platforms. …
Continue Reading Meta Fined €390 Million by Irish DPC for Alleged Breaches of GDPR, Including in Behavioral Advertising Context

CIPL & Cisco Publish Joint Report on Business Benefits and ROI of Accountable Privacy Programs

Posted on January 11, 2023

Posted in Centre for Information Policy Leadership, Security Breach

On January 10, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP and Cisco’s Privacy Center of Excellence published a joint report on “Business Benefits of Investing in Data Privacy Management Programs.” …
Continue Reading CIPL & Cisco Publish Joint Report on Business Benefits and ROI of Accountable Privacy Programs

Claimant to Maintain Anonymity in English High Court Cyber Attack Case

Posted on December 22, 2022

Posted in Cybersecurity, European Union, Information Security, International, Security Breach

On December 20, 2022, the English High Court has granted the victim of a cyber attack a permanent injunction against cyber attackers whilst the victim organization maintains its anonymity.
Continue Reading Claimant to Maintain Anonymity in English High Court Cyber Attack Case

HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

Posted on December 19, 2022

Posted in Health Privacy, Information Security, Online Privacy, Security Breach

On December 1, 2022, the Office for Civil Rights at the U.S. Department of Health and Human Services released a Bulletin on the obligations of HIPAA covered entities and business associates under the HIPAA Privacy, Security, and Breach Notification Rules when using online tracking technologies. …
Continue Reading HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

Pennsylvania Amends Breach Notification Law

Posted on November 14, 2022

Posted in Health Privacy, Information Security, Online Privacy, Security Breach, U.S. State Law

On November 3, 2022, Pennsylvania Governor Tom Wolf singed Senate Bill 636 into law, amending Pennsylvania’s breach notification law.
Continue Reading Pennsylvania Amends Breach Notification Law

The Information Commissioner’s Office Issues UK Department for Education with Formal Reprimand

Posted on November 7, 2022

Posted in Children’s Privacy, European Union, International, Security Breach

On November 2, 2022, the ICO issued the UK Department for Education with a formal reprimand following an investigation into the sharing of personal data stored on the Learning Records Service, a database which provides a record of pupils’ qualifications that the DfE has overall responsibility for. …
Continue Reading The Information Commissioner’s Office Issues UK Department for Education with Formal Reprimand

FTC Takes Action Against Chegg for Alleged Security Failures that Exposed Data of Employees and 40 Million Consumers

Posted on November 2, 2022

Posted in Cybersecurity, Information Security, Security Breach

On October 31, 2022, the Federal Trade Commission announced a proposed settlement with education technology provider Chegg in connection with the company’s alleged poor cybersecurity practices. …
Continue Reading FTC Takes Action Against Chegg for Alleged Security Failures that Exposed Data of Employees and 40 Million Consumers

FTC Takes Action Against Drizly and its CEO for Alleged Security Failures that Exposed Data of 2.5 Million Consumers

Posted on October 27, 2022

Posted in Cybersecurity, Enforcement, Information Security, Online Privacy, Security Breach

On October 24, 2022, the Federal Trade Commission announced a proposed consent order with Drizly, an online alcohol ordering and delivery service, and the company’s CEO, for the company’s alleged failure to maintain appropriate security safeguards that led to a data breach that affected 2.5 million consumers’ personal information. …
Continue Reading FTC Takes Action Against Drizly and its CEO for Alleged Security Failures that Exposed Data of 2.5 Million Consumers

UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations

Posted on October 25, 2022

Posted in Cybersecurity, Enforcement, European Union, Information Security, International, Security Breach

On October 24, 2022, the UK Information Commissioner’s Office issued a £4.4 million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the GDPR, during the period of March 2019 to December 2020.
Continue Reading UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations

Menu

Privacy & Information Security Law Blog