Data Privacy


AI_data_privacy

Premium

EU AI Act next GDPR? Proof in the pudding as boardrooms prioritize data governance

2024-12-23T10:00:00+00:00By

Breaches of the EU’s GDPR can cost companies substantial sums and huge reputational damage. Now some are warning that the implementation of the EU’s AI Act will be just as far-reaching, and could potentially lead to similar numbers of cases.

ai_governance_web

Premium

Good AI governance starts with proactive, continuous risk assessments

2024-11-21T16:25:00+00:00By

Data governance has become a key concern for companies, especially when the EU AI Act and General Data Protection Regulation have put a premium on handling data responsibly and ensuring that artificial intelligence does not cause harm.

Meta building

News Brief

Meta discloses potential CFPB lawsuit following probe into advertising, disclosure practices

2024-11-04T14:44:00+00:00By

Meta disclosed in a public filing that an investigation by the Consumer Financial Protection Bureau related to financial product advertising on platforms Instagram and WhatsApp may lead to a lawsuit.

LinkedIn

News Brief

Irish DPC fines LinkedIn $335M over GDPR violations related to targeted advertising

2024-10-30T18:49:00+00:00By

The Irish Data Protection Commission fined Microsoft-owned LinkedIn 310 million euros (U.S. $335 million) over violations of the European Union’s General Data Protection Regulation related to the social media company’s data processing and targeted advertising.

California

News Brief

FCC teams up with CPPA to enforce privacy rules

2024-10-30T13:55:00+00:00By

In an effort to streamline the enforcement of California’s stringent privacy rules, the Federal Communications Commission has signed a memorandum of understanding (MOU) with the California Privacy Protection Agency.

ChinaUS

News Brief

DOJ proposes rule that would block sale of Americans’ personal data to Chinese, Russian firms

2024-10-22T14:37:00+01:00By

The Department of Justice (DOJ) has proposed a new rule that would regulate the use of Americans’ personal information by foreign companies and foreign persons in six “countries of concern,” prohibiting and restricting the sale of data to thwart the use of data for cyber-enabled activities, espionage, coercion, influence and ...

AI_Compliance_11

Premium

Keys to a successful GenAI use policy: Clear roles, training, vendor management

2024-10-18T12:00:00+01:00By

For all the hype surrounding generative artificial intelligence, the technology has been met with a healthy skepticism in the compliance community. Compliance practitioners want to know: Is it safe? Can it be deployed ethically? Are the risks greater than the rewards? And what should an AI acceptable use policy contain?

AI Act

Premium

Pace of innovation will make EU AI Act hard to enforce, experts say

2024-10-17T16:22:00+01:00By

Concerns about how robustly European member states may enforce the EU AI Act, which took effect on Aug. 1, are divided between if regulators will take a “light touch” approach or a sledgehammer for noncompliance. One thing’s for sure, the pace of AI innovation will make enforcement very difficult.

CWE_Day_2_5

Event

Photo gallery: Compliance Week Europe 2024

2024-10-15T20:40:00+01:00By

Compliance Week Europe, held Oct. 15-16 in Amsterdam in partnership with our sister organization the Internation Compliance Association, gathered more than 200 GRC professionals across industries. Check out some of the sights from the event.

AI_data_privacy

Premium

Control and delete: How regulators can shutdown companies’ AI investments

2024-10-11T19:20:00+01:00By

Companies are increasingly putting their faith in AI to realize the kind of business benefits that the technology seems to promise, but they are also opening themselves up to new and potentially crippling sanctions if they are unable to answer questions that surround how AI operates.

Apple_Intelligence

Premium

Companies are slowing AI launches in Europe, some say European Union regulations are why

2024-10-08T13:03:00+01:00By

The European Union’s Digital Markets Act is forcing many Big Tech companies to postpone the launch of artificial intelligence-powered features, like Apple Intelligence, over user privacy and data security concerns.

T-Mobile

News Brief

T-Mobile reaches $31.5M settlement with FCC over multiple data breaches

2024-10-03T12:00:00+01:00By

T-Mobile, which experienced three huge data breaches in the past three years, agreed to pay $31.5 million in penalties and remediation for failing to protect millions of its customers’ personal information as part of a settlement with the Federal Communications Commission.

Meta building

News Brief

Irish DPC fines Meta $102M over GDPR violation linked to improper storage of passwords

2024-09-27T22:30:00+01:00By

The Irish Data Protection Commission fined Meta Ireland 91 million euros (U.S. $102 million) for multiple violations of the European Union’s General Data Protection Regulation related to the inadvertent storage of user passwords without encryption.

AI_moneybag

Premium

AI misuse could lead to sanctions from multiple regulators, experts warn

2024-09-27T16:22:00+01:00By

The proliferation of AI, as well as the promised business cases promoting its use, has led companies around the world to quickly invest in the technology. Executives hope these AI tools will improve efficiencies, reduce costs, and help them stay competitive. But it could lead to just the opposite.

FTC

Premium

FTC sounds alarm on business practices turning into ‘vast surveillance’

2024-09-20T14:07:00+01:00By

The Federal Trade Commission took aim at the business models of some of the world’s largest companies, publishing a years-long study that decried technologies that have created “vast surveillance” networks that expose people to “a host of harms” and violate children’s privacy laws.

Clearview AI

Premium

Clearview AI’s GDPR fines rise to $110M total after latest penalty by Dutch DPA

2024-09-09T13:08:00+01:00By

Clearview AI was fined 30.5 million euro (U.S. $33.8 million) by the Dutch Data Protection Authority and ordered to stop collecting images of Dutch citizens in the latest enforcement action against the U.S. company.

smarsh300x200

Webcast

CPE Webcast: Mastering mobility risks for accelerated growth

2024-09-03T14:00:00+01:00Provided by

Discover how cutting-edge mobile technologies are transforming the business landscape. A strong mobility strategy, paired with a top-tier compliance platform, is essential for scaling in today’s fast-paced environment.

Uber

News Brief

Dutch DPA fines Uber $324M over transferring driver data to U.S.

2024-08-27T15:56:00+01:00By

The Dutch Data Protection Authority fined Uber 290 million euros (U.S. $323.7 million) for illegally transferring data on European drivers to American servers and failing to appropriately safeguard the transfers.

GenAI_Web

Premium

How are you keeping up? The adoption of AI in compliance

2024-08-22T15:15:00+01:00By

Artificial intelligence is rapidly transforming the business landscape, and this is especially true for anyone working in compliance. But while AI offers immense potential to streamline processes, enhance decision-making, and mitigate risks, it also introduces a new set of challenges that compliance professionals must navigate.

FTC seal

News Brief

FTC tries to close COPPA loophole with amicus brief against IXL Learning

2024-08-21T17:17:00+01:00By

The Federal Trade Commission is fighting against an online educational platform’s interpretation of the Children’s Online Privacy Protection Act, arguing that COPPA can’t force parents into arbitration.

uniqlo_web

News Brief

Spanish DPA dings retailer Uniqlo $294K over GDPR violations

2024-08-19T19:25:00+01:00By

Spain’s data protection authority fined retailer Uniqlo Europe 270,000 euros (U.S. $294,000) over admitted violations of the European Union’s General Data Protection Regulation.

ICO_web

Premium

ICO proposes $7.8M fine against NHS contractor in warning to IT providers

2024-08-13T20:35:00+01:00By

The U.K. Information Commissioner’s Office proposed a 6.1 million pound (U.S. $7.8 million) fine against Advanced Computer Software Group, an IT contractor for the National Health Service that allegedly failed to secure the data of 83,000 people after a cyberattack.

TikTok

Basic Page

DOJ lawsuit alleges TikTok ignored order to enhance COPPA compliance

2024-08-07T15:56:00+01:00By

TikTok is in hot water with the Department of Justice and Federal Trade Commission over widespread failures to comply with a 2019 consent order to enhance compliance with children’s privacy laws.

British pounds

Premium

LexisNexis survey: Compliance costs soared for U.K. banks in 2023

2024-08-06T16:54:00+01:00By

Nearly all but a tiny minority of financial institutions saw their costs of financial crime compliance rise in 2023, a survey by LexisNexis and Oxford Economics found.

dating_apps_web

Premium

Many dating apps a matchmaker for cybercriminals, study finds

2024-08-05T18:05:00+01:00By

Location-based dating apps are not doing enough to protect user privacy, with exact location and other personal data being exploited by stalkers and bad actors, a recent analysis found.

DORA_Web

Premium

DORA set to enhance cyber resilience requirements for EU financial firms

2024-08-05T13:01:00+01:00By

The European Union’s Digital Operational Resilience Act, which is set to take effect next year, will require financial services firms to implement stronger measures to protect not only themselves from disruption caused by cyberattacks but also the sector as a whole.

SFO

Premium

SFO staffing shortages improve under new leadership

2024-08-01T15:35:00+01:00By

Staffing shortages that have plagued the U.K. Serious Fraud Office are trending in the right direction since its new director took charge, with the anti-bribery agency forging ahead with initiatives to ensure its future sustainability.

Meta Platforms

News Brief

Meta reaches $1.4B settlement over Texas biometric data privacy lawsuit

2024-07-31T17:14:00+01:00By

Meta agreed to pay $1.4 billion to the state of Texas to settle allegations regarding the unauthorized capture and use of personal biometric data of state residents.

AdobeStock_86925116

Premium

What’s on tap for CPPA from its deputy director of enforcement

2024-07-26T12:54:00+01:00By

Michael Macko, deputy director of enforcement at the California Privacy Protection Agency, described priorities for the agency now and in the near future during a recent board meeting.

LogicGate 300x200

Webcast

CPE Webcast: Proactive AI compliance: 4 essential steps to minimize exposure

2024-07-25T14:00:00+01:00Provided by

As artificial intelligence (AI) continues to advance rapidly and organizations expand their usage to optimize efficiency and productivity, implementing internal AI policies to ensure regulatory compliance and minimize exposure remains a hot topic.

Spying

News Brief

FTC wants answers from Mastercard, JPMorgan, others on use of AI to collect data

2024-07-24T13:19:00+01:00By

Eight large companies, including Mastercard and JPMorgan Chase, have been ordered by the Federal Trade Commission to provide detailed reports about their possibly secret use of artificial intelligence to track customers and use the information to set prices.

GDPRgavel

News Brief

Lithuanian DPA orders Vinted to pay $2.6M over GDPR violations

2024-07-16T17:25:00+01:00By

The data protection authority of Lithuania levied a fine of 2.4 million euros (U.S. $2.6 million) against Vinted UAB, an online clothing trading and exchange platform, for alleged violations of the European Union’s General Data Protection Regulation.

x_web

News Brief

European Commission informs X it may be in breach of Digital Services Act

2024-07-15T20:36:00+01:00By

The European Commission informed X, formerly Twitter, that it may be the first company found to be in violation of the European Union’s Digital Services Act in areas “linked to dark patterns, advertising transparency, and data access for researchers.”

FCC

News Brief

FCC orders Sorenson unit to pay $34.6M over illegal data retention

2024-07-10T15:46:00+01:00By

Sorenson Communications agreed to pay $34.6 million and implement a comprehensive compliance program to settle allegations levied by the Federal Communications Commission that its subsidiary illegally retained call content of users who relied on captions to make and receive calls.

Messaging apps

News Brief

FTC proposes $5M penalty for NGL Labs, founders over COPPA violations

2024-07-09T20:26:00+01:00By

The Federal Trade Commission ordered anonymous messaging app creator NGL Labs and its two founders to pay $5 million for unfairly marketed to children and falsely claiming artificial intelligence filtered out bullying messages and threats.

Tibbets_web1

Premium

How fintechs can overcome major compliance hurdles in embedded finance

2024-07-01T15:45:00+01:00By Margaret Holmes Tibbets, CW guest columnist

Margaret Holmes Tibbets, chief compliance officer at financial technology company Pipe, explains how firms are facing an existential compliance crisis, and to survive they’ll need to overcome not one but two hurdles.

Child Privacy

News Brief

SpongeBob game developer ordered to pay $500K over CCPA, COPPA violations

2024-06-25T19:42:00+01:00By

Popular children’s mobile game developer Tilting Point Media agreed to pay $500,000 to settle allegations the company illegally collected children’s personal data, a violation under the California Consumer Privacy Act and a federal children’s privacy law.

Clearview AI

News Brief

Clearview AI agrees to pay stake in company to settle Illinois privacy lawsuit

2024-06-24T21:02:00+01:00By

Facial recognition company Clearview AI reached a preliminary settlement in a class action lawsuit alleging it violated the Illinois Biometric Privacy Act, with the company agreeing to compensate victims with stake in the company.

Citi

Premium

Citi report: GenAI revolution will bring increased need for compliance

2024-06-21T18:28:00+01:00By

A new report on the use of artificial intelligence in financial services predicts that the technology will drive profits, disruptions, and change over the next decade.

OCC

News Brief

OCC emphasizes compliance’s role in FI’s operational resiliency

2024-06-20T15:40:00+01:00By

Compliance departments at financial institutions must become more involved in ensuring their firm’s operational resiliency to address emerging risks, the Treasury Department’s Office of the Comptroller of the Currency said in its semi-annual risk perspective.

SEC office

News Brief

SEC orders R.R. Donnelley to pay $2.1M over cyber-related control violations

2024-06-20T14:45:00+01:00By

A business communications and marketing services company agreed to pay more than $2 million to settle charges levied by the Securities and Exchange Commission over cybersecurity-related control violations.

DOJ

News Brief

DOJ orders consultants to pay $11.3M total for cyber rule violations

2024-06-18T19:49:00+01:00By

Guidehouse and Nan McKay and Associates will pay a total of $11.3 million to the Department of Justice (DOJ) to settle allegations that cybersecurity failures led to the theft of client personal information during the height of the COVID-19 pandemic.

columnist dale

Opinion

Top-of-mind takeaways from TPRM Summit

2024-06-17T21:11:00+01:00By

Top-of-mind issues addressed at Compliance Week’s Third-Party Risk Management & Oversight Summit, held June 3-4 in Atlanta, included safe deployment of artificial intelligence, assessing vendor viability and sustainability, understanding the role of procurement in risk ranking, the intersection (or lack thereof) between data privacy and cybersecurity, and many others.

/web/img/field/image/privacy.jpg

News Brief

Vermont governor vetoes privacy bill, legislature plans override vote

2024-06-17T18:23:00+01:00By

Vermont Republican Gov. Phil Scott vetoed a data privacy bill approved by the state’s Democrat-led legislature, which plans an override vote this week.

DOJ

News Brief

Cerebral set to pay $7M over alleged patient data sharing

2024-06-12T02:05:00+01:00By

The Department of Justice and Federal Trade Commission proposed telehealth company Cerebral pay a total of $7 million for its alleged sharing of patient data and deceptive business practices in violation of the FTC Act.

Texas Capitol

News Brief

​Texas touts team ‘among the largest in the country’ to enforce privacy laws

2024-06-07T13:40:00+01:00By

The state of Texas forecasted “aggressive enforcement” of its upcoming data privacy law with the announcement of a dedicated team to oversee its implementation.

Business data

Premium

Big Tech data for finance: Will FCA plans set trend?

2024-06-04T12:26:00+01:00By

Plans in the United Kingdom to share Big Tech data with financial services firms could prompt other industry regulators to follow suit or result in “unintended consequences” that see Meta, Google, and others growing market share.

Gina Nese 2000x1333

Event

Gina Nese stays ahead of the curve as CCO of the Year

2024-05-29T00:45:00+01:00By

Gina Nese, head of compliance and privacy at Align Technology, jumps at the chance to share new ideas and ways to innovate, including regarding emerging technologies like AI. Her work earned her recognition as CCO of the Year at the 2024 Excellence in Compliance Awards.

CCPAUpdate

Premium

California privacy reg seeking more input on new rules

2024-05-20T15:11:00+01:00By

Businesses will receive additional time to weigh in on proposed regulations by the California Privacy Protection Agency regarding risk assessments, cybersecurity audits, automated decision-making, and data broker registration before they’re potentially finalized later this year.

AI transformation

Premium

Survey: Compliance digital transformation hampered by data access, AI concerns

2024-05-06T09:45:00+01:00By

Few compliance teams describe their access to company data as “robust,” according to a new survey conducted by Compliance Week and NAVEX, while apprehension toward the adoption of artificial intelligence remains a hurdle for the profession to clear.