
Privacy Fines Around the World - GDPR Looking into the Future...


Facebook fined $224,000 by French data watchdog over privacy breaches. There are Dutch lessons in breach notification as GDPR approaches. Data protection laws and regulations are about to get a boost in the spectre of stiff fines.

There are Dutch lessons in breach notification as GDPR approaches

The EU General Data Protection Regulation (GDPR) comes with a notification duty for data breaches, and the Dutch have pioneering experience. The Netherlands previously took a leap forward with its own so-called cookie law, which obligated website owners to ask visitors explicit permission to place cookies on their computing devices. This was meant to curtail privacy-invading cookies and promote consumer awareness.

Web surfers got swamped with cookie requests and hence were trained to blindly click on “OK”. Already in effect. David Clarke collected this story - Linkis.com. Met Police: Quarter of cyber-crimes solved, GDPR could be the next PPI. Three years ago, Stephen Greenhalgh, London's former deputy mayor for policing, described the Metropolitan Police's handling of cyber-crime as a disgrace.

Met Police: Quarter of cyber-crimes solved, GDPR could be the next PPI

Detective chief inspector Andrew Gould, head of the Metropolitan Police Cyber Crime Unit, speaking at a breakfast briefing with Remora last week in London, agreed that at that time it was a fair comment. However, he went on to point out that there has since been a sea-change in the Met's approach, prioritisation and capabilities, with 300 new staff appointed to handle cyber-crime, including the setting up of the Falcon (Fraud and Linked Crime Online) unit. Initially law enforcement wasn't equipped to cope with the shift in crime online, but then found many of the tools and techniques are those used in terrorism, plus its experience of tackling organised crime helped bring down cyber-crime groups. Nonetheless, victims increasingly report cyber-crime. Yahoo’s EU Watchdog set to show teeth as privacy probe wraps up. A £200,000.00 fine after confidential information is revealed online. — Think Tank Legal - Legal Consultants, Commercial Lawyers, Corporate Lawyers, Business Lawyers, Commercial and Corporate Law.

HCA International Ltd, a private health company, has been fined £200,000.00 by the Information Commissioner’s Office (“ICO”) because they failed to keep fertility patients’ personal information secure.

A £200,000.00 fine after confidential information is revealed online. — Think Tank Legal - Legal Consultants, Commercial Lawyers, Corporate Lawyers, Business Lawyers, Commercial and Corporate Law

The fine followed an investigation by the ICO into the way that the Lister Hospital was storing, transcribing and transferring records they held about patient IVF appointments. The hospital in question is one of a number forming a worldwide network of private health care facilities where patients can benefit from various services, including fertility treatment. The problem came to light in April 2015 when a patient at the hospital discovered that transcripts which included details of interviews with IVF patients were freely available by online search.

The ICO’s investigation found that the hospital had been freely sending audio records of interviews, which were unencrypted, to a company in India via email since 2009. Italian DPA Imposes Largest Ever Fine Imposed by a European Data Protection Authority: UK Payments Company Found to Have Breached Consent and Other Rules. UK charities fined for data law breaches. Eleven charities have been fined by the UK's data watchdog for misusing information about millions of past donors to seek further funds.

UK charities fined for data law breaches

Those fined include Oxfam, Cancer Research UK, The Royal British Legion and Battersea Dogs' and Cats' Home. Client Alert: There may be trouble ahead – customer engagement and GDPR. Three cases were decided this week which have the potential to make customer engagement harder as businesses get ready for the forthcoming General Data Protection Regulation (GDPR).

Client Alert: There may be trouble ahead – customer engagement and GDPR

The cases involved fines for Flybe and Honda and a reprimand for Lands’ End. What did Flybe do? Flybe are a European regional airline based in Exeter. The airline has a history of data protection issues and in September 2015 its CEO signed an undertaking to the UK data regulator, the Information Commissioner’s Office (ICO) promising that the airline would improve.

The most recent case includes an email campaign that Flybe undertook in August 2016. One of the email recipients complained to the ICO. ICO warns UK firms to respect customers’ data wishes as it fines Flybe and Honda. Two companies have been fined a total of £83,000 for breaking the rules about how people’s personal information should be treated when sending marketing emails.

ICO warns UK firms to respect customers’ data wishes as it fines Flybe and Honda

An investigation by the Information Commissioner’s Office (ICO) found Exeter-based airline Flybe deliberately sent more than 3.3 million emails to people who had told them they didn’t want to receive marketing emails from the firm. The emails, sent in August 2016 by Flybe, with the title ‘Are your details correct?’, advised recipients to amend any out of date information and update any marketing preferences. The email also said that by updating their preferences, people may be entered into a prize draw. The airline has now been fined £70,000 for breaking the Privacy and Electronic Communication Regulations (PECR).

A separate ICO investigation into Honda Motor Europe Ltd revealed the car company had sent 289,790 emails aiming to clarify certain customers’ choices for receiving marketing. Steve Eckersley, ICO Head of Enforcement, said: Data Security Breaches: Are you prepared? The 2015 Information Security Breaches Survey[1] reported that 90% of large organisations suffer at least one data security incident per year and each breach can cost on average £1.5 million.

Data Security Breaches: Are you prepared?

However, it is not just large organisations that need to be mindful of data security breaches, smaller organisations, particularly those holding valuable data sets, are at risk too. Whilst the biggest cost of a data security breach to an organisation is often the disruption to the business, the cost and reputational risk associated with regulatory fines and claims brought by data subjects should not be ignored. In order to minimise the impact of a data security breach on your organisation, you should understand your obligations under the Data Protection Act 1998 (DPA) and other relevant legislation, and this article outlines some of those obligations. UK financial regulation: the FCA's enforcement priorities in 2016. As an example, the recently appointed new director of the FCA's Enforcement and Markets Division, Mark Steward, made it clear in November that the regulator would continue its focus on culture and related regulatory sanctions, despite stepping back from a formal review of banking culture.

UK financial regulation: the FCA's enforcement priorities in 2016

Financial crime Financial crime issues including anti-money laundering (AML), bribery, corruption and fraud were included in the FCA's 2015 Business Plan as one of the regulator's priority areas of focus for the first time. Since then, the FCA's Financial Crime Guide and recent enforcement action have made it clear that the regulator will take significant action against firms and individuals that fail to meet its high regulatory standards in these areas, including imposing high level financial penalties and other sanctions. Cyber security Consumer credit Senior management responsibility. GDPR compensation to dwarf £30bn bill for PPI claims - DecisionMarketing. The data regulator who governs some of the world’s biggest technology companies – including Facebook, Amazon and Google – has added her voice to warnings that the new EU data laws will trigger a tsunami of consumer lawsuits, amid reports that niche legal firms are already being established to cater for demand.

GDPR compensation to dwarf £30bn bill for PPI claims - DecisionMarketing

European consumer lawsuit tsunami will come in wake of GDPR. Businesses with lax data compliance have been warned to expect a flood of lawsuits from consumers.

European consumer lawsuit tsunami will come in wake of GDPR

The initial consequence of the arrival of the new EU General Data Protection Regulation (GDPR) will be a surge in the number of legal cases taken by consumers against businesses over the handling of their data. Experts agree that businesses simply aren’t ready for the likely surge in litigation. ‘Consumer litigation and class actions will quickly follow once this regulation goes live, as has happened in the US’– PAT MORAN In recent months, Data Protection Commissioner of Ireland, Helen Dixon, warned Siliconrepublic.com readers of the legal tsunami that is looming. At a PwC briefing on GDPR, business leaders were told that the new regulation is far-reaching and compliance should not be underestimated.

Councils urged to improve data protection practices to comply with GDPR. Many councils have considerable work to do in order to comply with the new General Data Protection Regulation (GDPR) that will come into force in May 2018, a survey conducted by the Information Commissioner’s Office (ICO) has revealed. The ICO questioned councils at the end of last year about the effectiveness of information governance practices, receiving a total of 173 responses. While the findings found that “positive measures” were being put in place in councils to ensure data was being handled and protected correctly, the survey also highlighted that there was “work to do” in many local councils to adhere to the Data Protection Act in order to fall in line with the incoming regulations.

Strikingly, only a quarter of councils had a data protection officer in place, despite the GDPR requiring that all public authorities have one by next year. GDPR to place extra burden on ICO, says commissioner. The Information Commissioner’s Office (ICO) plans to expand its staff to deal with the extra work burden to be imposed by the European Union’s (EU’s) General Data Protection Regulation (GDPR).

“With the coming of the GDPR, we will have more responsibilities and new enforcement powers,” said UK information commissioner Elizabeth Denham. Schools reported for hack attacks and data breaches avoid ICO punishment. Dozens of schools that breached data protection rules have walked away without punishment, despite being reported to the information watchdog. New figures obtained exclusively by Schools Week show that during the past school year the Information Commissioner’s Office (ICO) dealt with 66 reports of breaches by schools of the Data Protection Act 1998. Almost half the reports related to information accidentally revealed, with five of the cases occurring at special schools. Fine for lawyer who stored client files on home computer. A senior barrister who failed to keep clients’ sensitive personal information secure has been fined £1,000 by the Information Commissioner’s Office (ICO). Information belonging to up to 250 people, including vulnerable adults and children, was uploaded to the internet when the barrister’s husband updated software on the couple’s home computer.

Some 725 unencrypted documents, which were created and stored on the computer, were temporarily uploaded to an internet directory as a back up during the software upgrade. They were visible to an internet search engine and some of the documents could be easily accessed through a simple search. Six of those files contained confidential and highly sensitive information relating to people who were involved in proceedings in the Court of Protection and the Family Court. Steve Eckersley, head of enforcement at the ICO said: Yet another subject access judgment... - Panopticon. March 6th, 2017 So, as the saying goes, you wait months for a subject access judgment, and then three come along at once. First it was Holyoake v CPC & Christian Candy (see Julian Milford’s post here); then it was Dawson-Damer v Taylor Wessing (see Chris Knight’s post here) and now, drum-roll, we have the joined appeals of Ittihadieh v 5-11 Cheyne Gardens & Ors and Deer v Oxford University [2017] EWCA Civ 121.

As ever with these cases, the facts are somewhat less than scintillating. Briefly: Mr Ittihadieh had a relationship with a particular property management company which was…well…somewhat vexed. Here are the highlights of the Court of Appeal’s judgment: Client Alert: European Court Limits Right to be Forgotten. Yesterday the European Court (ECJ) returned again to the Right to be Forgotten in a case referred to Luxembourg from the Corte Suprema di Cassazione (an Italian court).

The case is likely to put limits on the Right to be Forgotten. Garante issues highest EU sanction on record. Money transfer: Garante privacy issues 11 million in fines to five companies for unlawful use of data. GDPR summary: Why encryption, other measures are a must. This post was provided courtesy of Tom de Cordier, Partner at CMS DeBacker.

Tom possesses extensive experience in privacy and data protection law, telecommunications law, IT law, and technology-related IP. The second week of April 2016 was another busy week in privacy land! Data protection: complaining, it's so yesterday! How Australia’s ‘Essential Eight’ sets the standard for sensitive data protection and breach notification. Globally, more and more jurisdictions are releasing mandates that will have a substantial impact on companies regarding breach notification and the protection of sensitive data.

One of those cyber security mandates put into action recently happened in Australia. The Netherlands: almost 5500 data breaches notified in 2016. Cookie Law vs. GDPR: What's the Difference? If you are wondering what to do to prepare for the EU's GDPR, the best advice is simply logical. Recently, I was speaking to a group of crazy smart graduate tech students – who were clearly more intelligent than me – about privacy, and a simple question from one of the students brought everything into focus. The Privacy Elephant. Fundraising and Regulatory Compliance Conference. GDPR and accountability. Introduction: It’s a pleasure to be here talking about privacy regulation in the digital age. What do you call a firm that leaves customer financials unencrypted on a hard drive? RSA.

The five-minute CIO: Helen Dixon, Data Protection Commissioner. Horizon to pay $1.1M over alleged privacy breach. German Government Presents Revised Draft GDPR Implementation Bill. Digital Single Market – Stronger privacy rules for electronic communications. Building a data centre? Data privacy regulations now weigh more than tax reductions - Data Economy. General Data Protection Regulation: the BC/DR impact. Popular smart toys violate children's privacy rights? - Help Net Security. Information Law Solutions Consultancy Glasgow, UK. Top 20 Government-imposed Data Privacy Fines Worldwide, 1999-2014. Privacy Law & Regulations by Country. DLA Piper Global Data Protection Laws of the World - World Map. Draft Rules to Implement Philippines Data Privacy Act Released.

German Data Protection Authority Issues Fines for Unlawful Cross-Atlantic Data Transfers. FCC Fines AT&T $25m for Data Privacy Lapse; Who Will Be Next? GP Practice fined £40,000 for data protection breach. ICO intends to fine 11 charities for breaching data-protection rules. Using a VPN in the UAE is now prohibited and you could face fines of up to $545,000. InMobi faces $4m fine for illegally collecting location data from young children. PS 00005 2016 Resolución de fecha 29 07 2016 Artículo 22.2 LSSI. How GDPR impacts a data controller based outside the EU.

Lawyer Monthly - Fine Represents Highest Ever for Data Protection Breaches in the UK. Chapter 7: Lawful basis for processing – Unlocking the EU General Data Protection Regulation. UAE Outlaws Sales of Personal Data and Increases Fines for Companies - Data Protection Report. Peru: Decree introduces exemptions to consent for data processing - DataGuidance. The Right to Be Forgotten (Google v. Spain) New draft of Argentine data protection law open for comment. German company fined for DPO conflict of interest. Update on amendments to Japan's privacy law.

France adopts Law for a Digital Republic: key data provisions are a jump-start on the GDPR. South Korea Enacts Stricter Penalties for Data Protection Violations by Telecommunications and Online Services Providers. Material Changes to French Data Protection Regulation. Spain - Fine imposed for unsolicited communication sent through a 'tell-a-friend' system - DAC Beachcroft.

Microsoft victory in overseas data privacy case stands. A Kinder, Gentler Spanish Data Protection Authority? Brazilian Regulators Slap $1.59 Million Fine on Telecom Giant Oi, Alleging Violations of Users’ Privacy Rights. Dutch Data Protection Authority increases maximum fine for data breaches committed by telecom providers.