Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the Italian Data Protection Authority's (the Garante's) €20m fine against Clearview AI for GDPR violations. It is the latest in a series of regulatory actions in Europe and in Australia against Clearview AI, and it also continues a trend of AI enforcement in Italy.
1. Who is Clearview AI?
2. What is this matter about?
3. The background facts and the Italian investigation.
4. What did the Garante say?
5. Lessons learned and next steps.
Resources
For more information on the Italian Clearview AI enforcement action, check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.
In this episode of the Compliance Week 2022 Preview Podcasts series, I discuss my presentation at Compliance Week 2022, “EU Whistleblower Protections and Responses”. Some of the issues we tackle in this podcast are:
- Understand how to comply with both the EU Whistleblower Directive and GDPR requirements around call recordings, interview notes, records, and whistleblower rights to privacy
- Learn how to run a Data Privacy Impact Assessment (DPIA)
- Discover where requirements between the EU Whistleblower Directive and data privacy regulations conflict with each other
At this first full compliance conference in over two years, I hope you can join me at Compliance Week 2022. This year’s event will be held May 16-18 at the JW Marriott in Washington DC. The line-up of this year’s event is simply first rate, with some of the top ethics and compliance practitioners around.
Gain insights and make connections at the industry’s premier cross-industry national compliance event, offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Back for its 17th year, the event brings compliance, ethics, legal, and audit professionals together safely face-to-face to benchmark best practices, gain the latest tactics and strategies to enhance their compliance programs, and:
- Network with your peers, including C-suite executives, legal professionals, HR leaders and ethics and compliance visionaries.
- Hear from 75+ respected cross-industry practitioners, including CEOs, CCOs, regulators and federal officials, to help inform and shape the strategic direction of your enterprise risk management program.
- Hear directly from the two SEC Commissioners, gain insights into the agency’s areas of enforcement, and walk away with guidance on how to remain compliant in emerging areas such as ESG disclosure, third-party risk management, cybersecurity, cryptocurrency and more.
- Bring actionable takeaways back to your program from various session types, including ESG, Human Trafficking, Board obligations and many others, for you to listen, learn and share.
- The goal of Compliance Week is to arm you with information, strategy and tactics to transform your organization and your career by connecting ethics to business performance through process augmentation and data visualization.
I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Compliance Week is offering a $200 discount off the registration price. Enter discount code TFLAW for $200 off.
The Compliance Week 2022 podcast series is a production of Compliance Week, which is the sponsor of this podcast series.
Tuckers Enforcement Action
Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the recent announcement by the UK Data Protection Authority, the Information Commissioner's Office (ICO), that it had fined a law firm, Tuckers Solicitors LLP, for GDPR breaches. Tuckers was fined £98,000 after being hit by a ransomware attack.
- Law firms are not unique.
- What about other legal regulations and regulatory bodies?
- The background facts.
- What did the ICO say?
- Lessons learned.
Resources
For more information on the Tuckers enforcement action, check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.
Privacy Shield 3
Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we consider the recently announced EU/US resolution to allow data transfers from the EU to the United States through the mechanism of Privacy Shield 3. Some of the issues we consider include:
- Is it Déjà vu all over again?
- What about consent and standard contractual clauses as a basis for data transfer?
- What was the court’s ruling?
- Why will double due diligence be required going forward?
- What about the UK?
- What does Max Schrems have to say?
Resources
Check out the Cordery Compliance client alerts on this topic by clicking here and here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.
Welcome to the only roundtable podcast in compliance. The entire gang was also recently honored by W3 as a top talk show in podcasting. In this episode, we have the quartet of Jay Rosen, Jonathan Armstrong, Tom Fox and Matt Kelly. We conclude with our fan-favorite Shout Outs and Rants.
1. Jay Rosen discusses the connection between corruption and the Russian invasion of Ukraine, and the leadership differences between Presidents Putin and Zelensky. Rosen rants about Mavericks owner Mark Cuban over the allegations by former GM Donnie Nelson that Nelson was fired for reporting a sexual assault of a Mavericks employee.
2. Matt Kelly looks at cybersecurity and the state of proposed new rules from the SEC governing the conduct of public companies that sustain a cyber breach. Kelly rants about West Virginia Senator Joe Manchin, who opposes electric cars because customers would have to wait too long at charging stations for batteries to be replaced (electric car batteries are recharged, not replaced).
3. Jonathan Armstrong looks at the increase in cyber-attacks and ransomware demands and a GDPR enforcement action involving Tuckers. Armstrong shouts out to TV show editor Marina Ovsyannikova who, on live TV in Moscow, stood up to President Putin by holding a sign which said, in Russian: “Don’t believe the propaganda. They’re lying to you here.” In English it said: “No war … Russians against war.”
4. Tom Fox discusses the recent District Court decision in the Coburn case and what it means for all involved: the DOJ, companies under FCPA investigation, and counsel who perform internal investigations. Fox rants about Texas AG Ken Paxton, who once again disobeyed a District Court injunction forbidding the state of Texas from investigating the parents of transgender teens for child abuse.
The members of Everything Compliance are:
• Jay Rosen – Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
• Karen Woody – One of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
• Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
• Jonathan Armstrong – our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at jonathan.armstrong@corderycompliance.com
• Jonathan Marks – Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at jonathan.marks@bakertilly.com
The host, producer, ranter (and sometime panelist) of Everything Compliance is Tom Fox, the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.
The Case of the Rogue Employee
Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In the 2020 Morrisons case, the UK Supreme Court ruled that an employer can be legally responsible for data breaches caused by its employees, although in the particular situation in that case the court ruled that Morrisons (the employer) was not liable for the actions of its rogue employee. In this episode, Tom and Jonathan look at the more recent case of Isma Ali v. Luton Borough Council, where the High Court ruled that in committing the data security breach, the rogue employee had been pursuing solely her own interests, and so the employer was not liable for her conduct. Some of the issues we consider include:
1. What were the underlying facts of the case?
2. What was the court’s ruling?
3. Key takeaways for the data privacy and data protection practitioner, including:
· Take a close look at security measures and ensure that access rights are policed. Data loss prevention and monitoring systems should also be in place to check for large data files leaving the organization; depending on the circumstances, a rogue employee might be after a lot of data;
· Put in place appropriate policies and procedures to make sure that data protection principles like data security and data minimization are properly understood;
· Perform a Data Protection Impact Assessment for new processes;
· Make sure that employees in trusted roles are reliable and that their access rights are reviewed;
· Put in place and rehearse a data breach notification procedure, including detection and response capabilities;
· Train staff on all of the above; and
· Check existing insurance or take out new insurance to cover the range of potential risks, from “innocent” errors to the actions of a rogue employee.
Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.
The Case of the Smart TV
Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we dissect the case of the Smart TV and consider its implications for de minimis cases brought under GDPR. Some of the issues we consider include:
1. What were the underlying facts of the case?
2. Was the case filed in the correct court (High Court)? If not, why not?
3. What was the court’s ruling?
4. What is the viability of a de minimis claim going forward?
5. When dealing with data protection infringement compensation claims, look to cases from other jurisdictions.
6. No matter how seemingly trivial such claims are, organizations should be prepared for them and manage them with care.
Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.
Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, they celebrate the 10th anniversary of the initial proposal of the law that became GDPR. Some of the issues they consider include:
- What was in the original proposal that was not enacted in the final law?
- Reduction in costs: what happened?
- The Right to be Forgotten morphed into something very different from what was intended.
- Fines, Fines, Fines.
- Evolution of regulatory sophistication.
- Criticism of regulators.
Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.
Class Action Update
Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we take a deep dive into class action litigation in the UK and EU around data privacy and data protection. Some of the issues we consider include:
1. Has the tide turned in favor of defendants in class action litigation in the UK?
2. Is proof of actual damage now required to recover damages after a data breach?
3. How can a company manage a regulatory investigation of a data breach during a class action litigation?
4. What about suits against Boards of Directors?
Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.
Life with GDPR was named one of the top 30 Data Security Podcasts you must follow in 2022.
Update on Blackbaud
Jonathan Armstrong returns from assignment to take on a potpourri of issues with co-host Tom Fox. In this episode, we consider some of the issues arising from the Blackbaud data breach enforcement action. Some of the issues we consider include:
- Does this matter signal a priority in risk shifting by the regulators?
- Implications for class actions involving customers.
- Hardening of the insurance market regarding data breaches.
- More due diligence coming in the B2B arena.
- Steps your organization should take now.
Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.