
Privacy Fines Around the World - GDPR Looking into the Future...


FTC Could Police U.S. Companies’ Promises on EU Data Privacy Law

Around the World with Data Privacy Laws

If you work with data, you have certainly heard by now about GDPR: the new European Union law on consumer data privacy that went into effect on May 25, 2018. But how about PIPEDA, NDB, APPI, CCPA, and SHIELD? These acronyms represent data privacy regulations in other jurisdictions (in these cases Canada, Australia, Japan, California and New York respectively). Many are new or recently expanded, and all are examples of how your legal responsibilities to customers don’t stop with GDPR. More importantly, they represent an opportunity for you and your business to use data quality and 21st century marketing practices to differentiate yourself from your competition.

Data Protection and Privacy Laws Are Becoming Increasingly Popular

Let’s discuss some of these new regulations. Data privacy and security doesn’t stop with Europe and GDPR.

Contact Data Plays a Key Role in Compliance

Now, let’s talk about your contact data. Finally, let’s talk about you.

Cyber Insurance v GDPR - The Myths, the Maths and the Law

We rarely switch on our computers without an email containing the latest guidance, opinions, dos and don'ts, risks, or the undeniable fact that the harsh penalties likely to flow from the GDPR from 25 May 2018 could be eye-watering.

It is also true that during 2016 the purchase of cyber insurance cover took an abrupt upward turn, not just in the UK but globally, to the tune of some 50%[1]. The insurance industry has seen a dramatic and significant hike in premium income as cyber and ransomware attacks increase and the reality of the GDPR comes home to roost. KPMG predicts that global cyber insurance premiums will exceed $20 billion by 2025[2], compared with the 2016/17 level of just $2.5 billion.

High Court confirms data breach litigation risk

By Kate Macmillan

The High Court has confirmed that a data breach creates a huge litigation risk for business in the UK.

Staff win 'landmark' claim over Morrisons data breach

By John-Paul Ford Rojas, Business Reporter

Lawyers for thousands of current and former Morrisons staff have welcomed a "landmark" High Court ruling that the supermarket was partly liable for a data breach that saw their details posted online.

The case, which could have implications for every individual and business in the country, comes after the breach affecting 100,000 employees in 2014. Morrisons said it planned to appeal. The ruling concerns liability and, if it stands, any compensation will have to be assessed at a later date. Andrew Skelton, a senior internal auditor at the retailer's headquarters in Bradford, leaked the workers' payroll data, including names, addresses, bank account details and salaries, by posting it on the internet and sending it to newspapers. Skelton was later jailed for eight years in 2015 after a trial heard he appeared to have been motivated by a grudge against the company.

The judge therefore granted Morrisons leave to appeal.

Google could be forced to pay £2.7 billion in compensation to iPhone users

Zurich Insurance hit with record data loss fine

Zurich Insurance has been hit with a £2.3 million penalty by the UK’s Financial Services Authority after it lost data relating to 46,000 of its customers.

Nationwide fine for stolen laptop

The Nationwide Building Society has been fined £980,000 by the City watchdog over security breaches.

The fine follows the theft of a laptop from a Nationwide employee's home which contained confidential customer data. The Financial Services Authority (FSA) found that security was not up to scratch after the man had put details of nearly 11 million customers on his computer. The FSA also found that Nationwide did not start an investigation until three weeks after the theft occurred.

Financial crime

The FSA will not reveal exactly what was on the laptop as it has still not been recovered. Nationwide claimed that the information on it could not have been used for identity fraud as there were no PINs, passwords or account balance information on it. However, it appears the laptop may have contained names, addresses and account numbers. As a result, the building society's customers had been exposed to the risk of financial crime.

Hawktalk

The ICO’s enforcement (or lack of enforcement, depending on your view) in the Royal Free/DeepMind case has divided the data protection community.

The ICO found that the Royal Free had breached four data protection principles and had breached the medical confidentiality of 1.6 million patients, but concluded that such a breach warranted an Undertaking. Reaction from many data protection specialists has often been along the following lines: “If a breach on this scale involving millions of patients’ Health Sensitive Personal Data does not warrant a Monetary Penalty Notice, what does?”

ICO less likely to fine charities for data breaches if they show staff training

The Information Commissioner's Office has said that in the event of a data breach it would be less likely to issue a monetary penalty to charities which had taken “reasonable steps” to prevent it, including staff training. When asked whether the Information Commissioner would be more likely to fine organisations that could not show evidence that at least 80 per cent of their staff were trained in data protection, a spokeswoman for the ICO said it would take “full account of the facts” in any investigation.

“In deciding whether it is appropriate to impose a monetary penalty and in determining the amount of that penalty, the commissioner will take full account of the facts of the contravention and of any representations made to her,” said the ICO spokeswoman. “That includes whether or not ‘reasonable steps’, such as staff training, were taken to prevent the contravention.”

'Would make no difference for serious breaches'

Charity Commission opens compliance cases into 11 charities fined by ICO

Key findings from the ICO's investigations into 11 charities

Yesterday the Information Commissioner’s Office fined 11 charities a combined total of £138,000 for data protection breaches and published monetary penalty notices outlining what each charity did wrong.

It published more than 200 pages explaining what it had found and the decision to fine the charities. Here’s a summary of key points from the ICO’s findings.

Singapore’s PDPC: The DPO is ‘crucial’

“A DPO who carries out his role well is an asset to his organization.

He ensures compliance, yes, but he can do so much more.” Such was the message from the keynote stage here at the IAPP Asia Privacy Forum in Singapore, where Personal Data Protection Commission Deputy Commissioner Yeong Zee Kin used his opening address to tout the role of the data protection officer and expound upon the many resources the PDPC offers to make the DPO successful. He noted the case of real estate firm CBRE, which was found to have mistakenly disposed of papers containing personal information in the trash. “Our investigation found,” Yeong said, “that they had implemented reasonable data protection policies, had regular trainings, and had guidance on disposal of personal information. And they had communicated them through a code of conduct and through the employment handbook.”

Councils urged to improve data protection practices to comply with GDPR

Many councils have considerable work to do in order to comply with the new General Data Protection Regulation (GDPR) that will come into force in May 2018, a survey conducted by the Information Commissioner’s Office (ICO) has revealed.

The ICO questioned councils at the end of last year about the effectiveness of their information governance practices, receiving a total of 173 responses.

Medway told to roll out data protection training urgently by ICO

A council has this week been given an enforcement notice to urgently improve the data protection training it offers to staff, in a bid to tighten up standards. Medway Council in Kent has been given six months by the regulator, the ICO, to roll out mandatory data protection training to its staff, and has also been told to provide refresher training every two years. The ICO specified that delivery of the training should be tailored to reflect the needs of the staff, following a training needs analysis. The council was originally told to roll out the training in October 2014, but a recent follow-up report by auditors found that the authority had not taken the necessary steps to ensure that the training was being enforced.

“We’ve told this council several times they need to improve their data protection training for staff. They’ve not taken this action on board so we’ve been forced to issue this enforcement notice,” said Sally Anne Poole, ICO enforcement manager.

Compliance Briefing: Malta lays out the financial consequences of GDPR breaches

Conference takes place on 27th June 2017 in St Julian’s, Malta. The EU’s new General Data Protection Regulation comes into force next spring and is bound to be one of the key topics on everyone’s mind at the upcoming Compliance Briefing: Malta conference. Failure to conform to the new regulation will result in a huge financial burden on small and large companies alike.

Italian DPA Imposes Largest Ever Fine Imposed by a European Data Protection Authority: UK Payments Company Found to Have Breached Consent and Other Rules

UK charities fined for data law breaches

Eleven charities have been fined by the UK's data watchdog for misusing information about millions of past donors to seek further funds. Those fined include Oxfam, Cancer Research UK, The Royal British Legion and Battersea Dogs' and Cats' Home.

Client Alert: There may be trouble ahead – customer engagement and GDPR

Three cases were decided this week which have the potential to make customer engagement harder as businesses get ready for the forthcoming General Data Protection Regulation (GDPR).

The cases involved fines for Flybe and Honda and a reprimand for Lands’ End. What did Flybe do? Flybe are a European regional airline based in Exeter.

ICO warns UK firms to respect customers’ data wishes as it fines Flybe and Honda

Two companies have been fined a total of £83,000 for breaking the rules about how people’s personal information should be treated when sending marketing emails.

Data Security Breaches: Are you prepared?

The 2015 Information Security Breaches Survey[1] reported that 90% of large organisations suffer at least one data security incident per year and that each breach can cost on average £1.5 million. However, it is not just large organisations that need to be mindful of data security breaches; smaller organisations, particularly those holding valuable data sets, are at risk too.

UK financial regulation: the FCA's enforcement priorities in 2016

As an example, the recently appointed director of the FCA's Enforcement and Markets Division, Mark Steward, made it clear in November that the regulator would continue its focus on culture and related regulatory sanctions, despite stepping back from a formal review of banking culture.

Financial crime

GDPR compensation to dwarf £30bn bill for PPI claims - DecisionMarketing

The data regulator who governs some of the world’s biggest technology companies – including Facebook, Amazon and Google – has added her voice to warnings that the new EU data laws will trigger a tsunami of consumer lawsuits, amid reports that niche legal firms are already being established to cater for demand. Irish Data Protection Commissioner Helen Dixon’s warning follows fears that some firms could be facing millions of pounds in compensation claims unless they get their customer data in order.

European consumer lawsuit tsunami will come in wake of GDPR

Businesses with lax data compliance have been warned to expect a flood of lawsuits from consumers.

GDPR to place extra burden on ICO, says commissioner

Schools reported for hack attacks and data breaches avoid ICO punishment
Fine for lawyer who stored client files on home computer
Yet another subject access judgment... - Panopticon, March 6th, 2017
Client Alert: European Court Limits Right to be Forgotten
Garante issues highest EU sanction on record
Money transfer: Garante privacy, €11 million fine for five companies for...
GDPR summary: Why encryption, other measures are a must
Data protection: complaining, it's so yesterday!
How Australia’s ‘Essential Eight’ sets the standard for sensitive data protection and breach notification
The Netherlands: almost 5500 data breaches notified in 2016
Cookie Law vs. GDPR: What's the Difference?
The Privacy Elephant
Fundraising and Regulatory Compliance Conference
GDPR and accountability
What do you call a firm that leaves customer financials unencrypted on a hard drive? RSA
The five-minute CIO: Helen Dixon, Data Protection Commissioner
Horizon to pay $1.1M over alleged privacy breach
German Government Presents Revised Draft GDPR Implementation Bill
Digital Single Market – Stronger privacy rules for electronic communications
Building a data centre? Data privacy regulations now weigh more than tax reductions - Data Economy
General Data Protection Regulation: the BC/DR impact
Popular smart toys violate children's privacy rights? - Help Net Security
Information Law Solutions Consultancy Glasgow, UK
Top 20 Government-imposed Data Privacy Fines Worldwide, 1999-2014
Privacy Law & Regulations by Country
DLA Piper Global Data Protection Laws of the World - World Map
Draft Rules to Implement Philippines Data Privacy Act Released
German Data Protection Authority Issues Fines for Unlawful Cross-Atlantic Data Transfers
FCC Fines AT&T $25m for Data Privacy Lapse; Who Will Be Next?
GP Practice fined £40,000 for data protection breach
ICO intends to fine 11 charities for breaching data-protection rules
Using a VPN in the UAE is now prohibited and you could face fines of up to $545,000
InMobi faces $4m fine for illegally collecting location data from young children
PS 00005 2016: Resolution dated 29/07/2016, Article 22.2 LSSI
How GDPR impacts a data controller based outside the EU
Lawyer Monthly - Fine Represents Highest Ever for Data Protection Breaches in the UK
Chapter 7: Lawful basis for processing – Unlocking the EU General Data Protection Regulation
UAE Outlaws Sales of Personal Data and Increases Fines for Companies - Data Protection Report
Peru: Decree introduces exemptions to consent for data processing - DataGuidance
The Right to Be Forgotten (Google v. Spain)
New draft of Argentine data protection law open for comment
German company fined for DPO conflict of interest
Update on amendments to Japan's privacy law
France adopts Law for a Digital Republic: key data provisions are a jump-start on the GDPR
South Korea Enacts Stricter Penalties for Data Protection Violations by Telecommunications and Online Services Providers
Material Changes to French Data Protection Regulation
Spain - Fine imposed for unsolicited communication sent through a 'tell-a-friend' system - DAC Beachcroft
Microsoft victory in overseas data privacy case stands
A Kinder, Gentler Spanish Data Protection Authority?
Brazilian Regulators Slap $1.59 Million Fine on Telecom Giant Oi, Alleging Violations of Users’ Privacy Rights
Dutch Data Protection Authority increases maximum fine for data breaches committed by telecom providers