GRC Report Staff

The Irish Data Protection Commission (DPC) has levied a substantial fine of €310 million against LinkedIn Ireland Unlimited Company, following a lengthy inquiry into the company's data processing practices. This inquiry, initiated on August 20, 2018, stemmed from a complaint lodged by the French non-profit organization La Quadrature Du Net. Initially filed with the French Data Protection Authority, the complaint was subsequently referred to the DPC, which serves as the lead supervisory authority for LinkedIn.

The Consumer Financial Protection Bureau (CFPB) has mandated that Apple Inc. and Goldman Sachs Group, Inc. pay more than $89 million due to substantial customer service failures and misleading practices affecting hundreds of thousands of Apple Card users. The CFPB's investigation revealed that the two companies mishandled transaction disputes and provided inaccurate information about interest-free payment options for consumers.

Pennsylvania State University (Penn State) has agreed to pay $1.25 million to settle allegations of violating the False Claims Act, stemming from its failure to meet contractual cybersecurity requirements between 2018 and 2023. The university allegedly failed to implement cybersecurity controls mandated by the Department of Defense (DoD) and NASA on 15 contracts or subcontracts. These failures included misrepresenting the implementation of specific cybersecurity controls and using a cloud service provider that did not meet DoD’s security standards for handling sensitive defense information.

The Office of the Australian Information Commissioner (OAIC) has released two new guides to help businesses navigate privacy obligations when using artificial intelligence (AI) products. These guides provide clarity on how the Australian Privacy Act 1988 applies to AI, aiming to improve compliance and safeguard privacy as AI technologies become more prevalent in business practices.

The International Chamber of Commerce (ICC) unveiled its new Principles for Sustainable Trade Finance (PSTF) at Sibos 2024 in Beijing in effort to fight against greenwashing in global trade. The framework, developed in collaboration with leading financial institutions and Boston Consulting Group (BCG), addresses the critical challenge of evaluating sustainability in trade finance products.

The U.S. Securities and Exchange Commission (SEC) announced an enforcement action today, imposing penalties totaling $6.985 million on four technology companies for what regulators described as materially misleading disclosures regarding cybersecurity incidents.

The Securities and Exchange Commission (SEC) has taken action against New York-based investment adviser WisdomTree Asset Management Inc. for making false statements and failing to comply with its own investment criteria for ESG-marketed funds. The charges, announced on October 21, 2024, highlight the growing scrutiny of environmental, social, and governance (ESG) investment practices in the financial industry.