GRC Report Staff

Investigation Underway into Personal Data Breach at Valio

In December 2024, Valio, Finland’s iconic dairy company, announced that a personal data breach had compromised the personal information of a significant portion of its workforce. Fast forward to January 2025, and the situation has escalated. The breach, initially thought to be limited in scope, now affects far more people than originally estimated. And the authorities? They’re all over it.

CFTC Restructures Enforcement Division to Focus on Fraud Prevention

The Commodity Futures Trading Commission (CFTC) has announced a major reorganization of its Division of Enforcement, with a renewed focus on fraud prevention and market integrity. Acting Chairman Caroline D. Pham unveiled the restructuring on February 4, 2025, aiming to streamline operations and more effectively allocate the agency’s resources to combating fraud while reducing the practice of "regulation by enforcement."

CNIL Cracks Down on Data Protection Violations in 2024 With Record Fines & Compliance Orders

2024 was a year of growing momentum for the French National Commission on Informatics and Liberty (CNIL), as the watchdog took significant steps to ensure that businesses comply with data protection laws. With fines, compliance orders, and reprimands on the rise, the CNIL made it clear that GDPR violations would no longer go unchecked. The result? A year of record-breaking action in data privacy enforcement.

Apex Clearing Corporation Faces $3.2 Million Fine in FINRA Settlement

In a settlement with FINRA, Apex Clearing Corporation, a Dallas-based firm that provides clearing services for introducing broker-dealers, is paying a $3.2 million fine after being found in violation of securities lending regulations. While financial penalties are common in the industry, this case tells a much bigger story about trust, transparency, and accountability—issues that are increasingly at the heart of how financial services firms do business.

Italy's Data Watchdog Moves to Block DeepSeek AI Over Privacy Concerns

The Italian data protection authority has fired a warning shot at AI developers worldwide, blocking DeepSeek, a Chinese chatbot service, from processing data belonging to Italian users. The move adds yet another chapter to Europe's growing scrutiny of AI platforms and their compliance with strict privacy laws.

Grubhub Data Breach Exposes Customer & Driver Information in Third-Party Security Incident

Another day, another data breach—this time, it's Grubhub in the hot seat. The food delivery giant has disclosed a cybersecurity incident that compromised sensitive information belonging to customers, merchants, and drivers. The breach, linked to a third-party service provider, raises pressing concerns about supply chain security in the gig economy and highlights yet again how cybercriminals continue to exploit vulnerabilities in widely used platforms.

Japan's FSA Voluntary Code of Conduct Gains Ground in ESG Evaluation

As of December 31, 2024, 28 ESG evaluation and data providers have formally endorsed the "Code of Conduct for ESG Evaluation and Data Providers." This voluntary code, introduced by the Japanese Financial Services Agency (FSA) on December 15, 2022, is part of a broader effort to standardize and improve the transparency of ESG data and evaluation practices across the industry.