On March 22, 2023, Capita PLC experienced a cyber incident which it announced in a press release on April 3, 2023 and an update on April 20, 2023.
Continue Reading UK Regulators Urge Capita PLC Clients to Assess Effects of Data Breach
Security Breach
The UK Data Protection Regulator Fines TikTok £12.7 Million
On April 4, 2023, the data protection regulator of the UK, the Information Commissioner’s Office, issued a fine of a £12.7 million to TikTok Information Technologies UK Limited and TikTok Inc for a number of breaches of UK data protection law, including failing to use children’s personal data lawfully. …
Continue Reading The UK Data Protection Regulator Fines TikTok £12.7 Million
CNIL issues €125,000 Fine Against E-Scooter Rental Company
On March 28, 2023, the French Data Protection Authority announced a €125,000 fine on the e-scooter rental company Cityscoot for breaching EU and French data protection rules, in particular in the context of geolocation and use of Google reCAPTCHA. …
Continue Reading CNIL issues €125,000 Fine Against E-Scooter Rental Company
New York Attorney General Settles with Law Firm Over Data Breach
On March 27, 2023, New York Attorney General Letitia James announced that a New York-based law firm had agreed to pay $200,000 in penalties and enhance its cybersecurity practices to settle charges stemming from a 2021 data breach. …
Continue Reading New York Attorney General Settles with Law Firm Over Data Breach
SEC Advances Three New Cybersecurity Rule Proposals
On March 15, 2023, the Securities and Exchange Commission proposed three rules related to cybersecurity and the protection of consumers’ information.
Continue Reading SEC Advances Three New Cybersecurity Rule Proposals
NCUA Board Approves Cyber Incident Reporting Requirement for Credit Unions
On February 16, 2023, the National Credit Union Administration Board unanimously approved a final rule requiring federally insured credit unions to notify the NCUA as soon as possible, within 72 hours, after the FCIU “reasonably believes” that a reportable cyber incident has occurred.
Continue Reading NCUA Board Approves Cyber Incident Reporting Requirement for Credit Unions
GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action
On February 1, 2023, the Federal Trade Commission announced that it entered into a proposed order with GoodRx, a telehealth and prescription drug discount provider, for violations of the FTC’s Health Breach Notification Rule stemming from GoodRx’s unauthorized disclosures of consumers’ personal health information to third party advertisers and other companies.
Continue Reading GoodRx to Pay $1.5 Million in First Ever FTC Health Breach Notification Rule Enforcement Action
Meta Fined €390 Million by Irish DPC for Alleged Breaches of GDPR, Including in Behavioral Advertising Context
On January 4, 2023, the Irish Data Protection Commission announced the conclusion of two inquiries into the data processing practices of Meta Platforms, Inc. on the Instagram and Facebook platforms. …
Continue Reading Meta Fined €390 Million by Irish DPC for Alleged Breaches of GDPR, Including in Behavioral Advertising Context
CIPL & Cisco Publish Joint Report on Business Benefits and ROI of Accountable Privacy Programs
On January 10, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP and Cisco’s Privacy Center of Excellence published a joint report on “Business Benefits of Investing in Data Privacy Management Programs.” …
Continue Reading CIPL & Cisco Publish Joint Report on Business Benefits and ROI of Accountable Privacy Programs
Claimant to Maintain Anonymity in English High Court Cyber Attack Case
On December 20, 2022, the English High Court has granted the victim of a cyber attack a permanent injunction against cyber attackers whilst the victim organization maintains its anonymity.
Continue Reading Claimant to Maintain Anonymity in English High Court Cyber Attack Case