The largest regulatory fine leveled against a company since the General Data Protection Regulation was enacted in May 2018 is poised to reshape business compliance practices across industries. In late January, CNIL fined a big-tech giant nearly $57 million, citing what the French data-protection regulator saw as failure to meet the core requirements of informed consent under GDPR. As the decision goes through appeal, the debate is far from settled about what constitutes informed consent in personal data collection. Nor will the scythe cut only the tallest grass. Read the full report.
Category Archives: Data breach
Recent cyber attacks on major U.S. businesses and government agencies are putting pressure on general counsels to help fortify internal data protocols. Beyond recent attacks against dozens of U.S. corporations and agencies, companies also face the escalating threat of financial liability. Earlier this year, former executives of a major web services provider agreed to pay $29 million to settle assertions they did not live up to their fiduciary duties in safeguarding customer data during cyber attacks between 2013 and 2016. Read the full report.
The enactment of more stringent data privacy laws by states and foreign governments is prompting a more unified approach by the federal government, beyond the industry-specific regulations that dictated past approaches. Congressional response follows the European Union’s May 2018 implementation of the General Data Protection Regulation. Read more.