The Privacy Insider Podcast Ep. 7: David, Goliath, and Data Privacy Part II: Max Schrems
When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Healthcare Document Retention
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
No Password Required: MITRE Engage Lead, Innovator in Cyber Deception, and Dance Community Builder
Navigating State Privacy Laws: A Conversation with Oregon & Texas Regulators about Privacy Enforcement
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
Episode 326 -- Dottie Schindlinger on Diligent's Report on Board Oversight of Cybersecurity Risks and Performance
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Information Security and ISO 27001
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
Data Centers: Demand, Development, and Future Challenges With Ali Greenwood — TAG Infrastructure Talks Podcast
On 26 August the Dutch Data Protection Authority (DPA) fined Uber EUR 290 million for a breach of the General Data Protection Regulation (GDPR). Following a number of complaints from French Uber drivers, the DPA found that...more
The Brazilian Data Protection Authority (Autoridade Nacional de Proteção de Dados, “ANPD”), applied its first two sanctions of 2024 against two Brazilian governmental institutions. It is worth noting that, as both are public...more
New York AG Letitia James settled with US Radiology Specialists, Inc. to resolve allegations that the private radiology group violated New York’s Executive Law and General Business Law by failing to adequately protect...more
Report on Patient Privacy 23, no. 11 (November, 2023) Tim DiBona clearly remembers Christmas Eve 2018 when the staff of his small firm—Doctors’ Management Service (DMS)—arrived at their West Bridgewater, Mass., office to...more
New York Attorney General Letitia James announced on March 27, 2023 that she had levied a fine against law firm Heidell, Pittoni, Murphy & Bach LLP for failing to secure personal and health information of clients exposing the...more
On May 12, 2022, the European Data Protection Board (EDPB) published its long-awaited Guidelines 04/2022 on the calculation of fines under the General Data Protection Regulation (GDPR). After many data protection authorities...more
Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more
A data breach can be the result of a cyber/ransomware attack or an honest mistake. Either way, the potential impact of compromised data is huge. This impact can be financial (in the form of fines) and reputational (by...more
Despite the great strides companies have made to mitigate the risks associated with security breaches, including putting insurance in place to cover those risks, cyber criminals have remained two steps ahead, finding new and...more
One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess fines and penalties for...more
You know that cleaning out the garage is a good idea. You would have more storage space and would even be able to put the car into the garage, which is better for security, for keeping it clean, and for ensuring an easy start...more
Amazon’s financial records have revealed that the Luxembourg data protection supervisory authority, the Commission Nationale pour la Protection des Données (“CNPD”), is fining the retailer’s European arm (Amazon Europe Core...more
At £20 million, the fine imposed on British Airways (BA) for its infringement of the General Data Protection Regulation is the biggest fine of its kind in the history of the U.K.’s Information Commissioner’s Office (ICO)....more
As announced by a press release dated 1 October 2020, the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) has issued a fine of €35,258,707.95 (approx. US$41.2 million) against H&M Hennes &...more
As we previously reported, Capital One Financial Corporation announced in July 2019 a major data security breach when an individual gained unauthorized access to personal information about Capital One credit card customers. ...more
The Information Commissioner’s Office (ICO), the UK’s data protection supervisory authority, has recently issued guidance outlining its approach to the enforcement of data protection obligations during the COVID-19 pandemic....more
The decision to appeal a regulatory finding is never taken lightly. By the time a regulator has completed its investigation and notified a company of its intention to fine, the company will have invested significant time and...more
Report on Supply Chain Compliance 3, no. 4 (February 20, 2020) - The Information Commissioner’s Office fined DSG Retail Limited (DSG) 500,00 British pounds after an investigation discovered a data breach involving the...more
Since the first enforcement actions have been initiated, some with significant fines, many companies may find themselves somewhat at a loss as they may not fully know how to assess the risks involved and how to react should...more
The Office for Civil Rights (OCR) announced that it has fined the Texas Health and Human Services Commission (TXHHS) $1.6 million for HIPAA violations. This is one of the few fines the OCR has levied against a state agency....more
With it being Halloween, October being National Cybersecurity Awareness Month, and 2019 drawing to an end, let’s take a look at the data privacy breaches giving compliance professionals a fright this year! ...more
Any doubt that the world of data protection changed profoundly when the European Union’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018, were solidly dispelled when the United Kingdom’s Information...more
On 8 July 2019, the U.K. Information Commissioner’s Office (ICO) issued a Notice of Intent to fine British Airways (BA) £183.39 million (approximately $232 million). While the Notice of Intent, as the name suggests, is not a...more
On July 8, 2019, the Information Commission’s Office (ICO) announced its intention to fine British Airways £183.39M ($230M), for infringements of the General Data Protection Regulation (GDPR)....more
If you wait for them, the big General Data Protection Regulation (GDPR) fines will come. UK Data protection authority, ICO, announced its intent to fine British Airways 183 million GBP (1.5 percent of annual revenue) for a...more