Categories
Life with GDPR

The Case of the Rogue Employee

Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In the 2020 Morrisons case the UK Supreme Court confirmed that an employer can be vicariously liable for data breaches caused by its employees, although on the facts of that case it held that Morrisons was not liable for the actions of its rogue employee. In this episode, Tom and Jonathan look at the more recent case of Isma Ali v. Luton Borough Council, where the High Court ruled that the rogue employee, in committing the data security breach, had been pursuing solely her own interests rather than her employer's business, and that the employer was therefore not liable for her conduct. Some of the issues we consider include:

1.     What were the underlying facts of the case?

2.     What was the court’s ruling?

3.     Key Takeaways for the data privacy, data protection practitioner, including:

·      Take a close look at security measures and ensure that access rights are policed. Data loss prevention and monitoring systems should also be in place to detect large data files leaving the organization; depending on the circumstances, a rogue employee may be after a lot of data;

·      Put in place appropriate policies and procedures to make sure that data protection principles such as data security and data minimization are properly understood;

·      Perform a Data Protection Impact Assessment for new processes;

·      Make sure that employees in trusted roles are reliable and that their access rights are reviewed regularly;

·      Put in place and rehearse a data breach notification procedure, including detection and response capabilities;

·      Train staff on all of the above; and

·      Check existing insurance, or take out new insurance, to cover the range of potential risks from “innocent” errors to the actions of a rogue employee.
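The first takeaway above asks for monitoring that notices large volumes of data leaving the organization. The following is an added example of what the simplest form of that check looks like in code; it is not tooling from Cordery Compliance or from the podcast. It assumes an egress proxy log with one line per outbound transfer in the form "timestamp user destination bytes_out" (a constructed sample is embedded), and the thresholds (a 500 MiB single-transfer limit, a day more than 10x the user's own median of earlier days) are illustrative assumptions to tune per environment.

```python
"""Flag anomalous outbound transfers in egress proxy logs.

Added example for this page, not Cordery's or the podcast's own tooling.
The log format, field names and thresholds below are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log: "<iso-timestamp> <user> <dest-host> <bytes-out>".
# alice is quiet for three days, then pushes ~950 MB to a personal cloud
# at night; bob moves a steady ~5 MB/day to the CRM.
SAMPLE_LOG = """\
2022-01-10T09:12:03 alice fileshare.example.net 2400000
2022-01-10T14:30:11 alice mail.example.com 800000
2022-01-11T10:02:45 alice fileshare.example.net 1900000
2022-01-12T11:41:20 alice crm.example.com 2100000
2022-01-13T23:51:09 alice personal-cloud.example.org 950000000
2022-01-10T08:15:00 bob crm.example.com 5000000
2022-01-11T09:10:00 bob crm.example.com 4800000
2022-01-12T09:12:00 bob crm.example.com 5200000
2022-01-13T09:05:00 bob crm.example.com 5100000
"""

SINGLE_TRANSFER_LIMIT = 500 * 1024 * 1024  # assumption: 500 MiB in one transfer
BASELINE_MULTIPLIER = 10                   # assumption: >10x the user's typical day
MIN_BASELINE_DAYS = 2                      # need some history before ratio alerts


def parse_log(text):
    """Parse the assumed log format into (datetime, user, dest, bytes) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, dest, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), user, dest, int(nbytes)))
    return events


def daily_totals(events):
    """Return {user: {date: bytes_out}} aggregated from parsed events."""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, user, _dest, nbytes in events:
        totals[user][ts.date()] += nbytes
    return totals


def find_anomalies(events):
    """Return a sorted list of (user, reason, detail) alerts.

    Rule 1 catches one very large transfer regardless of history.
    Rule 2 catches a day whose total dwarfs the user's own earlier days,
    which also catches many smaller transfers added up over a day.
    """
    alerts = []
    for ts, user, dest, nbytes in events:
        if nbytes > SINGLE_TRANSFER_LIMIT:
            alerts.append((user, "large_transfer",
                           f"{nbytes} bytes to {dest} at {ts.isoformat()}"))
    for user, per_day in daily_totals(events).items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]  # only earlier days
            if len(history) < MIN_BASELINE_DAYS:
                continue
            baseline = median(history)
            if per_day[day] > BASELINE_MULTIPLIER * baseline:
                alerts.append((user, "volume_spike",
                               f"{per_day[day]} bytes on {day}, "
                               f"median of prior days {int(baseline)}"))
    return sorted(alerts)


if __name__ == "__main__":
    for user, reason, detail in find_anomalies(parse_log(SAMPLE_LOG)):
        print(f"ALERT {reason:15s} {user:8s} {detail}")
```

On the sample, both rules fire for alice and neither for bob. Two caveats for real use: the ratio rule is silent until a user has a few days of history, so a new joiner who exfiltrates on day one is only caught by the absolute limit; and legitimate bulk jobs (backups, migrations) will trip both rules unless their destinations are allowlisted, which is why the destination host is kept in the alert detail.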

Resources

Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.

Categories
Life with GDPR

The Case of the Smart TV

Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, they dissect the case of the Smart TV and consider its implications for de minimis claims brought under GDPR. Some of the issues we consider include:

1.     What were the underlying facts of the case?

2.     Was the case filed in the correct court (High Court)? If not, why not?

3.     What was the court’s ruling?

4.     What is the viability of a de minimis claim going forward?

5.     When dealing with data protection infringement compensation claims, look to cases from other jurisdictions.

6.     No matter how trivial such claims seem, organizations should be prepared for them and manage them with care.

Resources

Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.

Categories
Life with GDPR

GDPR: 10 Years After the Original Proposal


Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, they celebrate the 10th anniversary of the initial proposal of the law, which became GDPR. Some of the issues they consider include:

  1. What was in the original proposal that did not make it into the final law?
  2. Reduction in costs: what happened?
  3. The Right to be Forgotten morphed into something very different from what was intended.
  4. Fines, fines, fines.
  5. Evolution of regulatory sophistication.
  6. Criticism of regulators.

Resources
Check out the Cordery Compliance client alert on this topic; click here. For more information on Cordery Compliance, go to their website here. Also, check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Categories
Life with GDPR

Class Action Update

Jonathan Armstrong and Tom Fox return for another episode of Life with GDPR. In this episode, we take a deep dive into class action litigation in the UK and EU around data privacy and data protection. Some of the issues we consider include:

1.     Has the tide turned in favor of defendants in class action litigation in the UK?

2.     Is proof of actual damage now required to recover compensation after a data breach?

3.     How can a company manage a regulatory investigation of a data breach during a class action litigation?

4.     What about suits against Boards of Directors?

Resources

Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.

Life with GDPR named one of the top 30 Data Security Podcasts you must follow in 2022.

Categories
Life with GDPR

Update on Blackbaud


Jonathan Armstrong returns from assignment to join co-host Tom Fox. In this episode, we look at the Blackbaud data breach enforcement action. Some of the issues we consider include:

  1. Does this matter signal a priority on risk shifting by the regulators?
  2. Implications for class actions involving customers.
  3. Hardening of the insurance market regarding data breaches.
  4. More due diligence coming in the B2B arena.
  5. Steps your organization should take now.

Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.

Categories
This Week in FCPA

Episode 286 – the Georgia Finally Beats Alabama


The college football season has ended with UGA finally defeating UA. Tom and Jay now turn their full attention to the NFL playoffs and also look at some of the week’s top compliance and ethics stories in the Georgia Finally Beats Alabama edition.

Stories

1.     Carnival and Princess Cruise Lines violated DPA yet again. Matt Kelly in Radical Compliance. DOJ Press Release.
2.     Prioritizing items from the Strategy on Countering Corruption. Worth McMurray in the FCPA Blog.
3.     DOJ to look at short sellers. Jaclyn Jaeger in Compliance Week (sub req’d).
4.     Proposed framework for CCO liability analysis. Mengqi Sun in WSJ Risk & Compliance Journal.
5.     Manipulation of the timing of FCPA enforcement actions? Matthew Stephenson debunks a new article in GAB.
6.     ComTech comes to financial institution compliance. Christian Wunderly in the FCPA Blog.
7.     Phil Tetlock and Superforecasting come to risk management. Jim DeLoach in CCI.
8.     Ethics and FCPA predictions for 2022. Mike Volkov with a double dose of Carnac the Magnificent. Ethics here. FCPA here.
9.     Banks develop climate risk consortium. Aaron Nicodemus in Compliance Week (sub req’d).
10.  Liability of local representatives under GDPR. Kelly Hagedorn and Matthew Worby in Compliance and Enforcement.

Podcasts 

11.  Tom and Matt Kelly conclude a 2-part podcast series on issues they are following in 2022.  On Compliance into the Weeds, Part 1 and Part 2.
12.  In January on The Compliance Life, I visit with Valerie Charles, partner at StoneTurn. Val has one of the most interesting journeys in compliance. In Part 1, she discussed her academic background and early professional career. In Part 2, she discusses her move to ComTech.
13.  The Compliance Podcast Network welcomes Professor Karen Woody and her new podcast, Classroom Insider. In this most unique pod, Karen interviews some of her students to tell the history of insider trading. In Episode 4, Colin Manchester discusses the evolution of the disclose-or-abstain rule.
14.  Mikhail Reider-Gordon returns in Lies, Spies & Corporate Crimes: The Wirecard Saga, with Season 2, Episode 3, Shell Games.
15.  31 Days to a More Effective Compliance Program returns for the month of January, running from January 1 to January 31. Available on the Compliance Podcast Network, Megaphone, iTunes, and all other top podcast platforms.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
Great Women in Compliance

Jonathan Armstrong – Original Gangster Great Gentleman in Compliance

Welcome to the Great Women in Compliance Podcast, co-hosted by Lisa Fine and Mary Shirley.

Welcome to the first Great Women In Compliance episode for 2022. Lisa and Mary are really excited about starting off another year of connecting, communicating and celebrating our GWIC family.

While Mary and Lisa usually start out each quarter with a joint discussion, this time they do a joint interview with a guest who was there when this podcast was born. Jonathan Armstrong, a partner at Cordery Compliance based in the UK, is a strong supporter of women in compliance and of diversity, and is an expert in GDPR, Brexit, and many other multinational issues. He is also on the Compliance Podcast Network as a co-host of the “Everything Compliance” and “Life with GDPR” podcasts.

In this episode, we talk about what he thinks should be top of mind for E&C professionals in multinational organizations, how Brexit has impacted compliance programs, and what is new in the world of GDPR and data privacy.

Jonathan is also known for his ability to connect and build relationships, and he talks about how he builds his network and his approach. Lisa and Mary like to think that one of the highlights of Jonathan’s career is that he won the GWICie for Comic Relief, and you will understand why after listening to this episode.

As always, we are so grateful for all of your support, and if you have any feedback or suggestions for our line-up, or would just like to reach out and say hello, we always welcome hearing from our listeners. If you are enjoying this episode, please rate it on your preferred podcast player to help other like-minded Ethics and Compliance professionals find it. You can also find the GWIC podcast on Corporate Compliance Insights, where Lisa and Mary have a landing page with additional information about them and the story of the podcast.

You can subscribe to the Great Women in Compliance podcast on any podcast player by searching for it and we welcome new subscribers to our podcast.

Join the Great Women in Compliance community on LinkedIn here.

Categories
Life with GDPR

Potpourri Edition


Jonathan Armstrong returns from assignment to take on a potpourri of issues with co-host Tom Fox. We use the recent speech by Deputy Attorney General Lisa Monaco as a jumping-off point to discuss how this change in DOJ enforcement policy and focus will interact with GDPR and the new EU Whistleblower Directive, and how increased international cooperation around anti-corruption compliance may play out. Some of the issues we consider include:

  1. Data protection issues under the new DOJ FCPA enforcement policy.
  2. Monitorships outside the US.
  3. Data privacy and investigations.
  4. Class actions in the UK going forward.
  5. Increased cooperation between the DOJ/SEC and the UK Serious Fraud Office.

Resources
Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.

Categories
Survive and Thrive

How to Survive a GDPR Data Breach in the USA


Eventually, every company will deal with cybersecurity incidents, including attacks that exploit weaknesses in its technical, physical, or human security controls. Such an emergency requires a robust internal incident response plan, prepared well before it is needed. Compliance leader, attorney, and international public speaker Kortney Nordrum reminds you of these crucial situations: “You want to have a plan before you have to use a plan.” Key points discussed in the episode:
✔️ Make sure there is an incident or crisis plan that sets out who you are going to call, who is going to get on the phone, and who will make decisions. These should be documented so that there is no guesswork when things are urgent.
✔️ Awareness should start at the level of customer service representatives and email help desk teams, who are often the first to see the signs of a data breach. Make sure the right people are able to ring the right alarm bells early in your organization.
✔️ Evaluate the extent of the information security breach on top of all other risk and regulatory assessments.
✔️ Determine which customers and employees are impacted and analyze their individual countries of residence. Work out where reporting must happen as prescribed in the General Data Protection Regulation (GDPR) of the European Union. Note that GDPR Article 33 requires the controller to notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, so the clock starts at detection, not at the end of the investigation.
✔️ Set up a toll-free number for questions and work with the core team on public notices or any public response. When organizations get hacked, the news often appears on a blog before the organization says anything publicly. Make sure to direct the message rather than leave gossip to fill the gap.
✔️ Engage a forensic firm if in-house knowledge is not enough to assess what happened and how the breach occurred, and to set the steps necessary to prevent it from happening again.
✔️ Compliance professionals should remember the adage “an ounce of prevention is worth a pound of cure.” Getting ready for a hacking incident requires early planning of incident response measures, tested at least yearly, to reduce or prevent adverse impacts should an incident happen.
Welcome to SURVIVE AND THRIVE, the newest addition to the Compliance Podcast Network. This is a podcast where we unpack compliance, crisis disasters and walk you through all the red flags which appear, and give you some lessons learned going forward. This show is hosted by Compliance Evangelist Thomas Fox and Kortney Nordrum, Regulatory Cou
 

Categories
Life with GDPR

Happy Birthday GDPR, Part 2

In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today we conclude a special two-part episode in honor of the 3rd anniversary of the go-live of GDPR. We review five key developments in GDPR review, regulation and enforcement over the past 3 years. In Part 1, we looked at the increased militancy in GDPR enforcement, both from regulators and in private actions and enforcement trends over the past 3 years.  In this Part 2, we consider the where of doing business, data security and customers issues as they have evolved over the past 3 years.

Resources

Check out the Cordery Compliance client alert on this topic by clicking here. For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR compliance, by clicking here.