IT Security & Privacy

CNIL Fines Cegedim Santé for Unauthorized Health Data Processing

France's data protection watchdog, CNIL (Commission Nationale de l'Informatique et des Libertés), has imposed a substantial €800,000 fine on CEGEDIM SANTÉ. The penalty comes as a response to the company's unauthorized processing of sensitive health data, highlighting the growing tension between technological advancement and privacy protection in the medical field.

Dutch Data Protection Authority Slaps Clearview AI with $33.7 Million Fine Amid Privacy Controversies

New York-based facial recognition startup Clearview AI has now accrued fines exceeding $115 million for privacy violations across the European Union and the United Kingdom. The Dutch Data Protection Authority (DPA) has recently imposed a $33.7 million penalty, adding to a series of General Data Protection Regulation (GDPR) compliance issues that date back to 2020.

Swedish DPA Imposes Penalties for Data Transfers to Meta

The Swedish Data Protection Authority (IMY) has recently imposed penalties on Apoteket AB and Apohem AB, totaling SEK 37 million (€3.2 million) and SEK 8 million (€698,000), respectively. These fines come after an investigation revealed that both companies used Meta's Pixel tool inappropriately, resulting in the unauthorized transfer of privacy-sensitive personal data to Meta’s advertising platforms.

CMS Data Breach: A Risk Management and IT Security Wake-Up Call

The recent data breach at the Centers for Medicare & Medicaid Services (CMS), which compromised the personal information of nearly one million Medicare beneficiaries, serves as a powerful reminder of the serious cybersecurity, governance, risk management, and compliance (GRC) challenges facing organizations in today's digital landscape. The breach, stemming from a vulnerability in third-party software (MOVEit), has exposed significant gaps in vendor management, IT security, and regulatory compliance.

Swedish Regulators Fine Bank €1.3 Million for Improper Data Sharing with Meta

Swedish regulators have levied a fine against a major domestic bank for unlawfully transferring customer data to Meta's advertising platforms. The Swedish Supervisory Authority (SA) announced a €1.3 million administrative penalty against Avanza Bank AB after an investigation found the bank had been funneling personal information about up to 1 million customers to Meta, the parent company of Facebook, over an 18-month period.

Dick's Sporting Goods & Halliburton Report Cyberattack in SEC Filing

Dick's Sporting Goods revealed in a Securities and Exchange Commission (SEC) filing on Wednesday that it had fallen victim to a cyberattack, highlighting the increasing challenges faced by organizations in managing IT security and resilience. The attack, detected on August 21, involved unauthorized access to several of the company’s information systems, including sensitive areas containing confidential data.

ICO Reprimands Labour Party for Data Privacy Violations

The Information Commissioner's Office (ICO) has issued a formal reprimand to the UK Labour Party for repeatedly failing to respond to subject access requests (SARs) within the legally mandated timeframe. This action follows an investigation prompted by over 150 complaints received by the ICO between November 2021 and November 2022.