GRC Report Staff

Austrian High Court Upholds €13 Million GDPR Fine Over Political Profiling

Austria's highest administrative court has brought one of the country's most closely watched data protection cases to a close, confirming that the creation and commercial use of inferred political preferences for millions of people violated the General Data Protection Regulation and clarifying several principles that will shape how GDPR fines are assessed in the years ahead.

PwC Fined £3.25 Million After UK Regulator Finds Serious Audit Failures in Babcock Engagement

The Financial Reporting Council has again found itself scrutinizing PwC's work on Babcock International, but this time the focus is on a different set of audits and a different engagement partner. The conclusion, however, is familiar. After a separate investigation into the company's statutory audits for the financial years ending March 31, 2019, and March 31, 2020, the UK audit regulator has imposed a £3.25 million financial penalty on the firm, concluding that the quality of the audits fell below the standard expected of statutory auditors.

23andMe Agrees to $18 Million Settlement Over 2023 Genetic Data Breach

The legal fallout from 23andMe's 2023 data breach is now colliding with the company's bankruptcy proceedings. A coalition of 42 state attorneys general announced Tuesday that it has reached an $18 million settlement with the bankruptcy trustee for 23andMe, resolving allegations that the genetic testing company failed to implement reasonable safeguards before a breach that exposed the information of 6.9 million customers worldwide.

Glenmark to Pay More Than $29 Million in Multistate Generic Drug Price-Fixing Settlement

A bipartisan coalition of 49 attorneys general has secured more than $29 million from Glenmark Pharmaceuticals to resolve allegations that the company participated in a long-running scheme to inflate the prices of generic prescription drugs, New York Attorney General Letitia James announced Wednesday.

Canadian Securities Regulators Tells Registered Firms to Strengthen Cybersecurity After Review Finds Gaps

The Canadian Securities Administrators did not set out to measure how many firms had suffered cyber incidents. Instead, it examined something more revealing: whether the safeguards meant to prevent those incidents were keeping pace with the way financial firms now operate.

Redi-Bag Agrees to $7.3 Million Settlement Over Alleged Customs Duty Evasion

The Department of Justice announced Wednesday that New York Packaging, which does business as Redi-Bag, and its chief executive, have agreed to resolve allegations that they falsely declared the country of origin of imported polyethylene retail carrier bags, allowing the company to avoid antidumping duties owed to the United States.

Norway Warns Financial Institutions Face More Complex Risks Despite Stable Operations

Norway's financial sector entered 2026 from a position most regulators would envy. Payment services remained stable throughout the previous year, operational disruptions stayed broadly in line with recent experience, and none of the ICT incidents reported in 2025 threatened financial stability. That stability, however, is not what concerns the Norwegian Financial Supervisory Authority.