Marriott Cyberattack Fine Reduced as ICO Shifts Penalty Policy

More than two years after receiving a massive initial fine, hotel chain Marriott International, Inc. has seen its cyberattack penalty reduced by more than 80%. A shift in the United Kingdom’s Information Commissioner’s Office (ICO) calculation policy, along with other mitigating factors, led to the significant decrease. While the ICO reinforces the importance of data controllers’ responsibilities in managing sophisticated cyberattacks, this latest development marks a continued shift away from turnover-centric penalty policies.

For the full alert, visit Faegre Drinker’s website.

British Airways Faces Significantly Reduced £20M Fine for GDPR Breach

At £20 million, the fine imposed on British Airways for its infringement of the General Data Protection Regulation is the biggest fine of its kind in the history of the U.K.’s Information Commissioner’s Office (ICO). Whilst markedly lower than the fine initially proposed, the process by which the revised figure was reached provides some interesting insights on the factors that regulators will take into account and is a clear sign that despite the current economic climate, the ICO is not afraid to enforce strict GDPR compliance.

For the full alert, visit the Faegre Drinker website.

First Notice Filed Under GDPR against Canadian Analytics Firm

The UK Information Commissioner’s Office (ICO) has issued an Enforcement Notice against a Canadian data analytics firm, AggregateIQ (AIQ), which allegedly produced targeted advertisements for pro-Brexit campaigns. This action is the first Enforcement Notice issued under the GDPR.

UK Information Commissioner’s Office Fines Direct Marketing Company for PECR Violation

The UK Information Commissioner’s Office (ICO) announced that it has fined a direct marketing company, Everything DM Ltd. (EDML), £60,000 ($77,421) for failing to take reasonable steps to ensure that unsolicited marketing emails sent on behalf of its clients complied with privacy laws applicable to electronic communications.

The SEC’s Cyber Specialty Unit Strikes With Its First Case

On December 4, 2017, the SEC Enforcement Division’s new Cyber Unit filed its first enforcement case for a fraudulent initial coin offering (ICO). This new specialty unit was established in late September to increase the Enforcement Division’s focus on cyber-related securities law violations. The focus areas of this unit include securities laws violations involving “blockchain” technologies and ICOs.