On August 30, 2021, the U.S. Securities and Exchange Commission announced it had settled three administrative cases involving a total of eight registered broker-dealers and investment advisers for failures in their cybersecurity policies and procedures.
Continue Reading SEC Charges Investment Advisers and Broker-Dealers with Deficient Cybersecurity Procedures

The U.S. Securities and Exchange Commission recently announced that Pearson plc agreed to pay a $1 million civil penalty in a settlement related to charges that Pearson misled investors about a 2018 data breach resulting in the theft of millions of student records, including birth dates and email addresses.
Continue Reading SEC Sanctions Public Company for Misleading Disclosures About Data Breach

On August 9, 2021, the UK First-Tier Tribunal (General Regulatory Chamber) (“FTT”) reduced a fine imposed by the UK Information Commissioner’s Office (“ICO”) against Doorstep Dispensaree Ltd (“DDL”) from £275,000 to £92,000, a reduction of approximately two thirds. DDL, which supplies medicines to customers and care homes, was fined in December 2019 for failure to comply with the EU General Data Protection Regulation (“GDPR”). The ICO also issued an Enforcement Notice, requiring DDL to take certain actions to bring its processing into compliance.

Continue Reading UK First-Tier Tribunal Cuts ICO’s Doorstep Dispensaree Fine by Two Thirds

On August 2, 2021, the Italian Data Protection Authority announced that it had levied a €2,500,000 fine on Deliveroo Italy s.r.l. for the unlawful processing of personal data of approximately 8,000 Deliveroo riders and various infringements of the GDPR.
Continue Reading Italian Garante Fines Deliveroo 2.5M Euros for Unlawful Processing of Personal Data

On July 16, 2021, the Luxembourg data protection authority (Commission nationale pour la protection des donées, “CNPD”) imposed a record-breaking €746 million fine on Amazon Europe Core S.à.r.l. for alleged violations of the EU General Data Protection Regulation (“GDPR”). The CNPD also ordered Amazon to revise certain of its practices.
Continue Reading Luxembourg DPA Fines Amazon 746 Million Euros for GDPR Violations

On June 15, 2021, the SEC announced it settled charges against real estate services company First American Financial Corporation (“First American”) for alleged violation of Rule 13a-15(a) of the Exchange Act. The SEC charged First American with failure to maintain disclosure controls and procedures designed to ensure that all available, relevant information concerning a software vulnerability that led to a cybersecurity incident was filed with the Commission.

Continue Reading SEC Settles Charges Against Real Estate Services Company Over Control Failures Related to Cybersecurity Disclosure