The Information Commissioner's Office (ICO), the UK's independent regulator for data protection and privacy matters, has unveiled updated guidance concerning the issuance of penalty notices for infringements of data protection laws. This announcement comes as part of the ICO's ongoing efforts to enforce the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
In response to the recent cyberattack affecting Change Healthcare, a unit of UnitedHealth Group (UHG), the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) has taken decisive action to address the significant disruption caused to the nation's healthcare and billing systems. The cyberattack, which occurred in late February, has raised concerns regarding patient care and the integrity of essential healthcare operations nationwide.
FORIOU, a company specializing in marketing loyalty programs and cards, has been slapped with a substantial fine of €310,000 by the French data protection authority, CNIL (Commission Nationale de l'Informatique et des Libertés). The penalty comes as a result of FORIOU's use of prospect data obtained from data brokers for commercial prospecting purposes without ensuring valid consent from the individuals involved.
The Reserve Bank of New Zealand has unveiled plans to implement robust cyber reporting rules, following the publication of consultation feedback and decisions on collecting essential data to fortify defenses against cyber threats.
AuditBoard, an established risk, compliance, and audit management platform, has released the results of an extensive study examining the ramifications of the SEC Cybersecurity Disclosure Rules on businesses. Drawing insights from a survey involving over 300 executives and security professionals in North America, the report delves into the profound implications of the new U.S. Securities and Exchange Commission (SEC) cybersecurity disclosure ruling, which took effect on December 15, 2023.
The Federal Trade Commission (FTC) has mandated that software provider Avast pays $16.5 million and cease the sale or licensing of web browsing data for advertising purposes. The settlement comes as a response to charges asserting that Avast, along with its subsidiaries, violated privacy commitments by selling user data despite assuring customers that its products would safeguard them from online tracking.
California Attorney General Rob Bonta revealed a settlement with DoorDash, concluding an investigation that exposed the company's breaches of the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA).