The prospect of class action lawsuits being filed in the aftermath of a major data breach often has more impact on breached healthcare organizations than the potential for fines and enforcement actions by government regulators, says attorney Jeff Westerman of Westerman Law Corp.
Meta has reached a $725 million agreement to resolve a class action lawsuit filed over Facebook's user data-sharing practices, after data for 87 million Facebook profiles was transferred to political consultancy Cambridge Analytica in violation of the social network's policies.
Belgian banking giant Degroof Petercam is warning hundreds of clients that their employees are at risk of fraud after personal details tied to their stock option plans were accessed, potentially by an ex-employee. The bank has reported the data breach to the Belgian Data Protection Authority.
A federal judge has denied granting a preliminary injunction against Meta to stop the firm's Pixel tracking code in healthcare websites from collecting and disseminating patient information for advertising. But the judge says he could change his mind as more details about patient privacy emerge.
The French data protection authority fined Microsoft Ireland 60 million euros for privacy and security practices relating to a Bing search engine advertising cookie. The company has three months to get the consent of the French users before further deployment of the cookie.
Unifying decision-making about privacy, security, ethics and governance poses a huge challenge from a regulatory and operational perspective, says OneTrust CEO Kabir Barday. OneTrust has created a network of 900 lawyers across 300 jurisdictions that feed intelligence into the company's platform.
In a surprise move, Britain's Information Commissioner's Office recently named names - lots of names - on the data breach front. The ICO has published detailed information about breaches of personal data, complaints and the civil investigations. Attorney Edward Machin explains the implications.
The latest edition of the ISMG Security Report discusses why it is always a bad idea for organizations to pay hackers for data deletion, practical steps organizations can and should take to avoid being at the heart of a data subject complaint, and the latest efforts to tackle the ransomware threat.
Europe took a key step in formalizing a framework to underpin the trans-Atlantic flow of commercial data but privacy activists say the EU-U.S. agreement won't stand up to a legal challenge. The Commission on Dec. 13 issued a draft adequacy decision on the EU-U.S. Data Privacy Framework.
Epic Games, maker of Fortnite, will pay $520 million to the U.S. government to settle allegations it violated children's privacy and charged credit cards without authorization. Epic said its previous practices adhered to "long-standing industry practices" but that "the old status quo" has changed.
After years of digital transformation, cloud migration and deployment of hybrid workforces, enterprises have more endpoints than ever, which makes it important to take endpoint security to a whole new level. Pat Correia of Cisco Security shares five tips for choosing endpoint security.
The latest edition of the ISMG Security Report discusses how investigators saw the collapse of cryptocurrency exchange FTX as "one of the biggest financial frauds in American history," how CISOs can guard against their own liability, and major security and privacy shifts and the outlook for 2023.
A California dental practice that for years revealed patient data on Yelp must stop doing so and pay federal regulators a $23,000 fine. New Vision Dental, owned by Dr. Brandon Au, must also delete social media posts and send breach notification letters to affected patients.
Updated guidance from the Federal Trade Commission and the Department of Health and Human Services aims to help clarify for mobile health app developers creating apps that process health data the privacy and security regulations that apply to their products.