The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations recently announced the publication of a report entitled “Cybersecurity and Resiliency Observations” that summarizes the observations gleaned from OCIE’s cybersecurity examinations of broker-dealers, investment advisers, clearing agencies, national securities exchanges and other SEC registrants.
Continue Reading
Compliance
FTC Finalizes Five Privacy Shield Settlements
Posted on
On January 16, 2020, the Federal Trade Commission announced that settlements with five companies of separate allegations that they had falsely claimed certification under the EU-U.S. Privacy Shield framework had been finalized.…
Continue Reading
FTC Finalizes Settlement with InfoTrax for Failure to Safeguard Consumer Data
Posted on
Posted in Enforcement, U.S. Federal Law
On January 6, 2020, the Federal Trade Commission announced that it granted final approval to a settlement with InfoTrax Systems, L.C. and its former CEO, Mark Rawlins, related to allegations that InfoTrax failed to implement reasonable, low-cost and readily available security safeguards to protect the personal information the company maintained on behalf of its business clients.
…
Continue Reading
FTC Issues Final Order in Cambridge Analytica Case
Posted on
The Federal Trade Commission announced its Final Order and Opinion in the matter of Cambridge Analytica, LLC, finding that Cambridge Analytica violated the FTC Act’s Section 5 prohibition against “unfair or deceptive acts or practices” when harvesting personal information.…
Continue Reading
Four Companies Settle FTC Allegations Related to Privacy Shield Misrepresentations
Posted on
On December 3, 2019, the Federal Trade Commission announced that it had reached settlements in four separate Privacy Shield cases. …
Continue Reading
Company Settles FTC Allegations of Privacy Shield Misrepresentation
Posted on
On November 19, 2019, the Federal Trade Commission announced that Medable, Inc. agreed to settle allegations that the company had misrepresented its participation in the EU-U.S. Privacy Shield program.…
Continue Reading
FTC Takes Action Against Companies Misrepresenting Compliance with the EU-U.S. Privacy Shield and Other International Privacy Agreements
Posted on
On June 14, 2019, the Federal Trade Commission announced that it has taken action against a number of companies that allegedly misrepresented their compliance with the EU-U.S. and Swiss-U.S. Privacy Shield frameworks and other international privacy agreements. This blog entry provides an overview of these developments.…
Continue Reading
CNIL Fines French Real Estate Service Provider for Data Security and Retention Failures
Posted on
On June 6, 2019, the CNIL announced that it levied a fine of 400,000 Euros on SERGIC, a French real estate service provider. This blog entry provides an overview of the case. …
Continue Reading
China Issues Draft of Data Security Administrative Measures
Posted on
On May 28, 2019, the Cyberspace Administration of China released draft Data Security Administrative Measures for public comment. This blog entry provides an overview of the proposed provisions.…
Continue Reading
OCR Settles with Medical Imaging Services Company
Posted on
On May 6, 2019, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement and $3 million settlement with Touchstone Medical Imaging. The settlement is the first OCR HIPAA enforcement action in 2019, following an all-time record year of HIPAA enforcement in 2018.…
Continue Reading