On January 10, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP and Cisco’s Privacy Center of Excellence published a joint report on “Business Benefits of Investing in Data Privacy Management Programs.”
Continue Reading CIPL & Cisco Publish Joint Report on Business Benefits and ROI of Accountable Privacy Programs
Security Breach
Claimant to Maintain Anonymity in English High Court Cyber Attack Case
On December 20, 2022, the English High Court has granted the victim of a cyber attack a permanent injunction against cyber attackers whilst the victim organization maintains its anonymity.
Continue Reading Claimant to Maintain Anonymity in English High Court Cyber Attack Case
HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates
On December 1, 2022, the Office for Civil Rights at the U.S. Department of Health and Human Services released a Bulletin on the obligations of HIPAA covered entities and business associates under the HIPAA Privacy, Security, and Breach Notification Rules when using online tracking technologies. …
Continue Reading HHS Releases Bulletin on Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates
Pennsylvania Amends Breach Notification Law
On November 3, 2022, Pennsylvania Governor Tom Wolf singed Senate Bill 636 into law, amending Pennsylvania’s breach notification law.
Continue Reading Pennsylvania Amends Breach Notification Law
The Information Commissioner’s Office Issues UK Department for Education with Formal Reprimand
On November 2, 2022, the ICO issued the UK Department for Education with a formal reprimand following an investigation into the sharing of personal data stored on the Learning Records Service, a database which provides a record of pupils’ qualifications that the DfE has overall responsibility for. …
Continue Reading The Information Commissioner’s Office Issues UK Department for Education with Formal Reprimand
FTC Takes Action Against Chegg for Alleged Security Failures that Exposed Data of Employees and 40 Million Consumers
On October 31, 2022, the Federal Trade Commission announced a proposed settlement with education technology provider Chegg in connection with the company’s alleged poor cybersecurity practices. …
Continue Reading FTC Takes Action Against Chegg for Alleged Security Failures that Exposed Data of Employees and 40 Million Consumers
FTC Takes Action Against Drizly and its CEO for Alleged Security Failures that Exposed Data of 2.5 Million Consumers
On October 24, 2022, the Federal Trade Commission announced a proposed consent order with Drizly, an online alcohol ordering and delivery service, and the company’s CEO, for the company’s alleged failure to maintain appropriate security safeguards that led to a data breach that affected 2.5 million consumers’ personal information. …
Continue Reading FTC Takes Action Against Drizly and its CEO for Alleged Security Failures that Exposed Data of 2.5 Million Consumers
UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations
On October 24, 2022, the UK Information Commissioner’s Office issued a £4.4 million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the GDPR, during the period of March 2019 to December 2020.
Continue Reading UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations
NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations
On October 18, 2022, the New York State Department of Financial Services announced that EyeMed Vision Care LLC agreed to a $4.5 million settlement for violations of the Cybersecurity Regulation that contributed to the exposure of hundreds of thousands of consumers’ health data in connection with a cybersecurity event in 2020.
Continue Reading NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations
New York Attorney General Fines E-Commerce Parent Company for Failing to Properly Handle a Data Breach
On October 12, 2022, New York Attorney General Letitia James announced that her office had secured a $1.9 million penalty from e-commerce retailer Zoetop, owner of SHEIN and ROMWE, following an improperly handled data breach.
Continue Reading New York Attorney General Fines E-Commerce Parent Company for Failing to Properly Handle a Data Breach