Regulatory Enforcement and Litigation

The Office of the Comptroller of the Currency (OCC) announced on August 6 that it had issued an $80 million civil penalty against Capital One, N.A., and Capital One Bank (USA), N.A.

The OCC cited noncompliance with 12 C.F.R. Part 30, Appendix B, “Interagency Guidelines Establishing Information Security Standards.” Similar versions of these standards apply

On May 7, 2020, the New York Attorney General announced she will not sue Zoom after it agreed to adopt enhanced data security and privacy measures to protect the data of its 300 million plus users. As COVID-19 social distancing policies radically change the way individuals and industries communicate, Zoom saw a reported 3,000 percent

Following an 11th Circuit Court decision that struck down a 2018 Federal Trade Commission (FTC) order as “unenforceably vague,” the FTC has “instructed staff to closely review [their] orders to determine whether they could be strengthened and improved – particularly in the areas of privacy and data security.” Recent enforcement orders show the FTC

“European and U.S. regulators are likely to ramp up enforcement of privacy laws this year, especially children’s privacy.”

“The Federal Trade Commission is looking to update Children’s Online Privacy Protection Act rules. State attorneys general offices have said they’ll focus on protecting kids’ data. Irish data privacy enforcers said children’s privacy protections will be a

The Federal Trade Commission (FTC) has entered into a settlement with a provider of management software for car dealerships that held personal information, including SSNs and payroll information, in cleartext, holding its practices to be in violation of the FTC Act’s prohibition against unfair practices and GLBA’s Safeguards Rule, which requires financial institutions to develop,

How has GDPR enforcement played out in the past year?

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, or AP) recently published a report on its 2018 activities.

The report highlights the growth of GDPR enforcement actions:

  • 27,000 people contacted the AP by telephone about the Privacy Act (2017: 9,500).
  • AP received more than 11,000 complaints.
  • AP

Data-rich companies like Facebook have a unique opportunity to capitalize on the recent surge in regulatory scrutiny and turn it to their advantage.

Savvy tech companies are attuned to public opinion and won’t allow others to control the narrative. They are already taking steps to regain the upper hand in the privacy debate.

Facebook demonstrated

The European General Data Protection Regulation (GDPR) comes into force on May 25, 2018. This gives companies only two months to prepare for and comply with the GDPR. Companies should be conducting data mapping to identify all cross-border transfers of personal data so that they can determine the best way to comply with the GDPR

Acting Federal Trade Commission (FTC) Chairman Maureen K. Ohlhausen made it clear that she expects the FTC’s enforcement role in protecting privacy and security to encompass automated and connected vehicles. In her opening remarks at a June 28, 2017 workshop hosted by the FTC and National Highway Traffic Safety Administration (NHTSA), she said the FTC

In one of the best examples we have ever seen that it pays to be HIPAA compliant (and can cost A LOT when you are not), the U.S. Department of Health and Human Services, Office for Civil Rights, issued the following press release about the above settlement. This is worth a quick read and some soul searching if your company has not been meeting its HIPAA requirements.
Continue Reading $2.5 Million Settlement Shows That Not Understanding HIPAA Requirements Creates Risk