On September 25, 2015, the UK Information Commissioner’s Office issued a fine of 200,000 pounds to Home Energy and Lifestyle Management Ltd. for making a large number of automated marketing calls in violation of the UK’s direct marketing laws. … Continue Reading
On September 22, 2015, the Securities and Exchange Commission announced a settlement order with an investment adviser for failing to establish cybersecurity policies and procedures, and published an investor alert entitled Identity Theft, Data Breaches, and Your Investment Accounts.… Continue Reading
On August 20, 2015, the Bavarian Data Protection Authority issued a press release stating that it imposed a significant fine on a data controller for failing to adequately specify the security controls protecting personal data in a data processing agreement with a data processor.… Continue Reading
On June 30, 2015, the French Data Protection Authority summarized the results of the cookie inspections it conducted at the end of 2014.… Continue Reading
On May 28, 2015, the German government adopted a draft law that would require telecommunications and Internet service providers to retain Internet and telephone usage data.… Continue Reading
On May 26, 2015, the Upper House of the Dutch Parliament passed a bill that introduces a general data breach notification obligation for data controllers and provides increased sanctions for violations of the Dutch Data Protection Act.… Continue Reading
On May 5, 2015, the Financial Crimes Enforcement Network of the U.S. Treasury Department, in coordination with the U.S. Attorney’s Office for the Northern District of California, announced a civil monetary penalty of $700,000 against Ripple Labs, Inc. and its subsidiary XRP II, LLC for violations of the Bank Secrecy Act.… Continue Reading
The Department of Health and Human Services recently announced a resolution agreement and $125,000 settlement with Cornell Prescription Pharmacy in connection with the disposal of prescription records in an unsecured dumpster on Cornell's premises.… Continue Reading
On April 8, 2015, a New York Assemblyman introduced the Data Security Act in the New York State Assembly that would require New York businesses to implement and maintain information security safeguards. The Data Security Act also expands the scope of New York’s breach notification law.… Continue Reading
On April 16, 2015, the French Data Protection Authority published its Annual Activity Report for 2014, which highlights its accomplishments during the past year and outlines new topics it will consider further in 2015.… Continue Reading
On April 8, 2015, the Federal Communications Commission announced a $25 million settlement with AT&T Services, Inc. stemming from allegations that AT&T failed to protect the confidentiality of consumers’ personal information.… Continue Reading
On February 27, 2015, the White House released a highly-anticipated draft of the Consumer Privacy Bill of Rights Act of 2015 that seeks to establish baseline protections for individual privacy in the commercial context and to facilitate the implementation of these protections through enforceable codes of conduct.… Continue Reading
The Brazilian government recently issued the Preliminary Draft Bill for the Protection of Personal Data on a website specifically created for public debate on the draft bill.… Continue Reading
On January 12, 2015, Senator James Merritt (R-Indianapolis) introduced a new security breach bill that would impose substantial new privacy obligations on companies holding the personal data of Indiana residents.… Continue Reading
On January 5, 2015, the Alameda County District Attorney's Office announced that Safeway Inc. has agreed to pay USD 9.87 million to settle claims that the company unlawfully disposed of customer medical information and hazardous waste in violation of California's Confidentiality of Medical Information Act and hazardous waste laws. … Continue Reading
On December 19, 2014, the Federal Trade Commission announced a settlement of at least 90 million USD with mobile phone carrier T-Mobile USA, Inc. stemming from allegations related to mobile cramming.… Continue Reading
On December 18, 2014, the Financial Crimes Enforcement Network issued a 1 million USD civil penalty against the former Chief Compliance Officer of MoneyGram International, Inc. based on allegations that the company inadequately responded to consumer fraud complaints and failed to meet its legal obligations under the Bank Secrecy Act.… Continue Reading
The Department of Health and Human Services recently announced a resolution agreement and settlement with Anchorage Community Mental Health Services in connection with a data breach caused by malware.… Continue Reading
On November 17, 2014, the FTC announced that data privacy certifier TRUSTe has agreed to settle charges that the company deceived consumers about its recertification program and misrepresented that it was a non-profit entity in violation of Section 5 of the FTC Act.… Continue Reading
On October 24, 2014, the Federal Communications Commission announced that it intends to impose a $10 million fine on TerraCom, Inc. and YourTel American, Inc. for violating privacy laws relating to their customers' personal information. This announcement marks the first data security case and largest privacy action brought by the FCC to date.… Continue Reading
The UK government has announced proposals designed to make it easier for the Information Commissioner's Office to fine companies responsible for nuisance calls and text messages.… Continue Reading
On October 10, 2014, TD Bank entered into an assurance of voluntary compliance to settle claims by a multistate group of nine attorneys general that the company violated state consumer protection and personal information safeguards laws in connection with a 2012 data breach.… Continue Reading
On October 14, 2014, rent-to-own retailer Aaron’s, Inc. (“Aaron’s”) entered into a $28.4 million settlement with the California Office of the California Attorney General related to charges that the company permitted its franchised stores to unlawfully monitor their customers’ leased laptops.… Continue Reading
On October 8, 2014, the Federal Trade Commission announced an 80 million USD settlement with AT&T Mobility, LLC stemming from allegations that the company charged its customers without their consent for services provided by third-parties, a practice known as mobile cramming.… Continue Reading
