On July 16, 2019, the Dutch Data Protection Authority announced that it had imposed a fine of €460,000 on a Dutch hospital for insufficient security measures under Article 32 of the GDPR.
Continue Reading
Penalty
ICO Publishes First Annual Report Since GDPR’s Implementation
Posted on
The UK Information Commissioner’s Office released its first Annual Report published since the GDPR took effect. This blog entry provides a summary of the Annual Report. …
Continue Reading
Washington AG Settles with Premera on Behalf of Multistate Coalition
Posted on
On July 11, 2019, Washington Attorney General Bob Ferguson announced that his office had entered into a consent decree and $10 million settlement with Premera Blue Cross (“Premera”) that stems from a 2014-2015 breach that affected more than 11 million individuals. The settlement, which includes a payment of roughly $5.4 million to Washington state and $4.6 million to a coalition of 29 other state Attorneys General (the “Multistate AGs”), is one of the largest ever for a breach involving protected health information (“PHI”) and comes just one month after another notable HIPAA settlement involving a similar coalition of state AGs.
…
Continue Reading
ICO Announces $124 Million Fine for Marriott International following Data Breach
Posted on
On July 9, 2019, the UK Information Commissioner’s Office announced that it intends to fine Marriott International £99,200,396 for a data breach violating the GDPR. This closely follows the £183 million fine for British Airways, announced on July 8.…
Continue Reading
ICO Announces $230 Million Fine for British Airways following Data Breach
Posted on
On July 8, 2019, the UK Information Commissioner’s Office announced that it intends to fine British Airways £183,390,000 for a data breach for violating the GDPR. This is the first fine to be announced publicly by the ICO under the GDPR.…
Continue Reading
ICO Reflects on a Year of GDPR
Posted on
The UK Information Commissioner’s Office recently published its reflections on the year that has passed since the implementation of the EU General Data Protection Regulation, together with a blog post by Elizabeth Denham, the UK Information Commissioner. …
Continue Reading
First Fine Imposed by the Belgian DPA Since GDPR
Posted on
On May 28, 2019, shortly after the appointment of the new Belgian commissioner and the Director of the Litigation Chamber, the Belgian Data Protection Authority imposed its first fine since the EU General Data Protection Regulation became applicable.…
Continue Reading
OCR Settles with Medical Imaging Services Company
Posted on
On May 6, 2019, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement and $3 million settlement with Touchstone Medical Imaging. The settlement is the first OCR HIPAA enforcement action in 2019, following an all-time record year of HIPAA enforcement in 2018.…
Continue Reading
FTC Settles with Two Online Operators for Failing to Secure Customers’ Data
Posted on
On April 24, 2019, the Federal Trade Commission announced two data security cases involving online operators that were alleged to have failed to take reasonable steps to secure consumers’ data, which allowed hackers to breach both websites.…
Continue Reading
ICO Issues GBP 400,000 Fine for Illegal Collection and Sharing of Personal Data
Posted on
On April 9, 2019, the UK Information Commissioner’s Office levied one of its most significant fines under the Data Protection Act 1998 against Bounty (UK) Limited. …
Continue Reading