As personal data protection continue to challenge companies it is becoming apparent that the commissions and other structures that police these issues have become impatient with organisations that are not complying with recommendations. For the first time those companies which have suffered a data breach and been found not in compliance are feeling the wrath of governing bodies.
UK's ICO is increasingly active in their efforts to reduce offences in anti-spam regulations and data breaches. In 2017, we witnessed an annual rise in fines of nearly 69 percent, from £2.9 to £4.9 million. A total of 104 companies has been fined a total of £8.7 million for failures since August 2015.
As much as Facebook would like to sweep the Cambridge Analytica data scandal under the rug, signs continue to mount that the company is still playing fast and loose with user data. All this raises the question of whether the 2011 FTC settlement that resulted in an 8-count consent decree actually went far enough.
ICO had a busy 2018 with the ten largest fines totaling about £5,000,000 and also the first ICO fines levied at the maximum amount for Facebook and Equifax.
Google received €50 million in GDPR fines from French regulator CNIL for failing to adequately inform users about their data collection practices, and not giving users enough control over how their information is used. What are the lessons learnt?
At a proposed value of £183 million, British Airways is facing the highest record of GDPR fines, Britain's DPA is making it clear that companies should protect customers’ data or be ready to pay.
Record-setting FTC fine of $700 million on Equifax data breach settlement is a warning of things to come as federal agencies step up protection of consumer data and personal information.
The size of today's GDPR penalties has set the level against which all future data breach fines will be judged as global data breaches are pursued by multiple regulatory authorities and private citizens alike.
In a new California lawsuit, Facebook is accused of failing to adequately comply with information and subpoena requests related to the company’s privacy practices.