Free tools and resources for Data Protection Officers!

Tag Archives for " sanctions "

CNIL issues first fine for data protection violations

French regulator CNIL has issued its first fine for violations of data protection laws, since it was given the power in the Digital Republic law passed last November. Previously it could only issue verbal warnings. Car rental firm Hertz was fined EUR 40,000 for exposing personal data of members of its discount programme on its website.

Source: Cnil issues first fine for data protection violations – Telecompaper

ICO issues record number of PECR penalties

The ICO issued, in the past 12 months, more fines for PECR (Privacy and Electronic Communication Regulations) breaches than ever before. The ICO’s 2016-17 Annual Report, issued today, reveals that the ICO issued 23 penalties totalling £1,923,000. One of the largest fines was £270,000, served on Road Traffic Consult trading as Media Tactics for making 22 million unsolicited automated marketing calls to members of the public.

Source: ICO issues record number of PECR penalties – Privacy Laws & Business

Four lessons NHS Trusts can learn from the Royal Free case

UK’s Information Commissioner’s Office (ICO) announced that the Royal Free London NHS Foundation Trust did not comply with the Data Protection Act when it turned over the sensitive medical data of around 1.6 million patients to Google DeepMind, as part of a clinical safety initiative.

Source: Four lessons NHS Trusts can learn from the Royal Free case | ICO Blog

FTC shuts down Blue Global for sharing consumers’ loan-application data

The Federal Trade Commission said it halted the operations of Blue Global Media after the company earned millions of dollars by falsely promising to match them with low-rate loans.

Source: FTC shuts down Blue Global for sharing consumers’ loan-application data | VentureBeat | Business | by Kevin Kelleher

Facebook’s Small Print Might Be Next Big Antitrust Target

Facebook Inc.’s small print may be the next big thing in European antitrust as watchdogs home in on how the world’s biggest social network collects information from users that helps generate vast advertising revenues.

Source: Facebook’s Small Print Might Be Next Big Antitrust Target – Bloomberg

New Data Protection Enforcement Provisions Take Effect in Russia

On July 1, 2017, a new law took effect in Russia allowing for administrative enforcement actions and higher fines for violations of Russia’s data protection law. The law, which was enacted in February 2017, imposes higher fines on businesses and corporate executives accused of data protection violations, such as unlawful processing of personal data, processing personal data without consent, and failure of data controllers to meet data protection requirements.

Source: New Data Protection Enforcement Provisions Take Effect in Russia

Gloucester City Council fined by ICO for leaving personal information vulnerable to attack

The Information Commissioner’s Office has fined Gloucester City Council £100,000 after a cyber attacker accessed council employees’ sensitive personal information.

Source: Gloucester City Council fined by ICO for leaving personal information vulnerable to attack | ICO

Reasonable Retention Of Personal Information: The Compliance Advantage Of Risk-Based Polices And Procedures For Information Governance

A recent privacy breach case in Canada offers practical guidance for organizations anywhere to avoid the over-retention of personal data. A May 2017 Order from the Office of the Information and Privacy Commissioner of Alberta provides new insight into the requirement under section 35 of the Personal Information Protection Act to retain personal information only as long as reasonably required.

Source: Reasonable Retention Of Personal Information: The Compliance Advantage Of Risk-Based Polices And Procedures For Information Governance

>