- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Neil Hodge2024-08-13T20:35:00
The U.K. Information Commissioner’s Office (ICO) proposed a 6.1 million pound (U.S. $7.8 million) fine against Advanced Computer Software Group, an IT contractor for the National Health Service (NHS) that allegedly failed to secure the data of 83,000 people after a cyberattack.
The ICO said in a press release Wednesday it provisionally penalized Advanced after the company allegedly failed to implement basic cybersecurity controls to protect personal data. If finalized, the enforcement action would be the agency’s first financial penalty against a data processor under the U.K. General Data Protection Regulation.
Advanced provides the NHS and other healthcare providers with IT and software services. In August 2022, the company suffered a ransomware attack that gave hackers access to some of the company’s health and care systems via a customer account that did not have multi-factor authentication.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
Register for free
Receive the CW newsletter and access CPE webcasts.
The Information Commissioner’s Office updated its data protection fining guidance to provide companies with greater transparency and clarity about how and why it would issue penalties for a breach of the U.K. General Data Protection Regulation or Data Protection Act 2018.
Despite suggestions the European Union could look to the United Kingdom when considering future changes to the General Data Protection Regulation, legal experts question the impact planned U.K. reforms to the privacy law will have on multinational businesses.
Social media platform TikTok was fined £12.7 million (U.S. $15.9 million) by the U.K. Information Commissioner’s Office for using the personal data of children without parental consent and other violations of data protection mandates.
Women’s apparel importer Alexis agreed to pay nearly $7.7 million to settle allegations, first raised by a whistleblower, that it intentionally underpaid customs duties, according to the Department of Justice.
New York-based broker-dealer OTC Link will pay a $1.2 million fine to settle charges levied by the Securities and Exchange Commission over allegedly failing to implement a system to monitor and report potential suspicious activities on its platforms.
Ideanomics, two former execs, and its current chief executive agreed to pay about $5 million and hire an independent compliance professional to settle allegations made by the Securities and Exchange Commission (SEC) that the company misled the public about its performance.
