- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Neil Hodge2024-08-13T20:35:00
The U.K. Information Commissioner’s Office (ICO) proposed a 6.1 million pound (U.S. $7.8 million) fine against Advanced Computer Software Group, an IT contractor for the National Health Service (NHS) that allegedly failed to secure the data of 83,000 people after a cyberattack.
The ICO said in a press release Wednesday it provisionally penalized Advanced after the company allegedly failed to implement basic cybersecurity controls to protect personal data. If finalized, the enforcement action would be the agency’s first financial penalty against a data processor under the U.K. General Data Protection Regulation.
Advanced provides the NHS and other healthcare providers with IT and software services. In August 2022, the company suffered a ransomware attack that gave hackers access to some of the company’s health and care systems via a customer account that did not have multi-factor authentication.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
The Information Commissioner’s Office updated its data protection fining guidance to provide companies with greater transparency and clarity about how and why it would issue penalties for a breach of the U.K. General Data Protection Regulation or Data Protection Act 2018.
Despite suggestions the European Union could look to the United Kingdom when considering future changes to the General Data Protection Regulation, legal experts question the impact planned U.K. reforms to the privacy law will have on multinational businesses.
Social media platform TikTok was fined £12.7 million (U.S. $15.9 million) by the U.K. Information Commissioner’s Office for using the personal data of children without parental consent and other violations of data protection mandates.
USAA Federal Savings Bank has been hit with its third cease and desist order from the Treasury Department’s Office of the Comptroller of the Currency in the past five years for failing to correct unsafe and unsound banking practices.
Becton Dickinson medical device company will pay $175 million for “repeatedly” misleading investors about its Alaris infusion pump, a product the company knew was flawed and was sold without the required patient-safety approvals, the Securities and Exchange Commission said.
The Securities and Exchange Commission charged bankrupt fashion retailer Express with failing to disclose nearly $1 million in perks to a former chief executive, but did not levy a financial penalty thanks to its cooperation, the SEC said.
