Categories
Life with GDPR

Life With GDPR: Episode 30- British Airways GDPR Enforcement Action

In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec expert needs to know about what is happening in the UK, Europe and beyond. In this episode, we discuss the recently announced proposed fine by the UK data protection regulator, the Information Commissioner's Office (ICO), against British Airways (BA) after its data breach. The ICO intends to fine the airline £183.39 million (approximately $230MM).
Some of the highlights in this episode include:
  1. This proposed fine is the largest GDPR fine announced in the UK to date.
  2. As the fine is now open to comment by BA and other national data protection regulators, the amount of the final fine may change.
  3. The BA CEO comes out swinging against this fine.
  4. What was the role of the ICO as ‘lead regulator’?
  5. Will BA’s tone-deaf posturing hurt or help it with the final penalty?
  6. What did BA know and when did it know it? (Yes, that is the famous Watergate question.) This will be a critical line of analysis.
  7. What remedial measures did BA engage in after it became aware of the breach?
  8. What are the lessons to be learned by the data privacy officer?
For more information on Cordery Compliance, go to their website here.
For additional reading see the Cordery Compliance article, “UK Data Protection Regulator Announces Intention to Fine BA after Data Breach”.
Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

Daily Compliance News: July 9, 2019, the who you gonna call edition

In today’s edition of Daily Compliance News:

  • ICO proposes a $230MM fine to BA for data breach. (CorderyCompliance)
  • Carnival Corp to hire first CCO. (WSJ)
  • Who answers 911 calls? (Hint: Not the Ghostbusters) (NYT)
  • New DFS chief wants to protect consumers. (WSJ)

Daily Compliance News: July 2, 2019, no job for you edition

In today’s edition of Daily Compliance News:

  • Is GDPR holding businesses back? (FT)
  • Non-Competes for Interns? Really? (WSJ)
  • Will Trump’s goal of energy independence kill off the US energy industry? (NYT)
  • The worst run franchise in the NBA takes its ineptness to a new level. (Sports Illustrated)

Daily Compliance News: June 8, 2019-the thrown under the bus edition

In today’s edition of Daily Compliance News:

  • FIFA VP detained for questioning by French Police. (NYT)
  • In the UK, expect fines to increase under GDPR. (Compliance Week)
  • Want to go to the ISS? NASA has a ticket for you (limited leg room in coach). (NYT)
  • What happens when a new CEO throws the old CEO ‘under the bus’? Meg Whitman explains. (FT)

Life With GDPR: Episode 29- GDPR Year 1 Review-Part II, the Issues

In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec expert needs to know about what is happening in the UK, Europe and beyond. This episode is the second of a two-part series in which Jonathan Armstrong and I consider some of the highlights from the first year of GDPR implementation and enforcement. In Part I we considered some of the enforcement numbers. In this Part II, we discuss some of the substantive issues. Some of the highlights in this episode include:
  1. Security issues: multiple regulators become involved in large breaches, and questions arise as to whether a company's technical and organisational measures (TOMs) are adequate.
  2. The six principles of GDPR: the most prominent is transparency.
  3. Data Subject Rights are seen as the biggest corporate pain points.
  4. DPIAs have been embraced by many companies and are seen by regulators as the backbone of a corporate compliance program around data security/data privacy.
  5. Industry sweeps are beginning to occur.
  6. Mixed quality of legal advice is hurting many companies in their compliance efforts.
  7. Some significant cases are headed to trial and then appeal.
  8. GDPR is here to stay.
For more information on Cordery Compliance, go to their website here.
For additional reading see the Cordery Compliance article, “GDPR One Year On”.
Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

Life With GDPR: Episode 28- GDPR Year 1 Review-Part I, the Numbers

In this podcast, data privacy/data security expert Jonathan Armstrong and Compliance Evangelist Tom Fox use the framework of GDPR to discuss a wide range of issues relating to these topics. They consider what the US compliance and InfoSec expert needs to know about what is happening in the UK, Europe and beyond. This episode is the first of a two-part series in which Jonathan Armstrong and I consider some of the highlights from the first year of GDPR implementation and enforcement. In this Part I we consider some of the enforcement numbers. In Part II, we will consider some of the substantive issues. Some of the highlights in this episode include:
  1. The EDPB reports just over 150,000 complaints filed across the EU under GDPR.
  2. Robust enforcement by both regulators and private bodies/citizens.
  3. UK leads with the largest number of complaints filed, followed by Germany then France.
  4. Around 950 complaints have reached the courts.
  5. Italy is the country which has seen the largest number of court cases.
  6. Several countries are increasing inspections which could lead to enforcement actions.
For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.

Life With GDPR: Episode 26- The Importance of Passwords

In this episode, I visit with Jonathan Armstrong on a topic that does not seem to get the attention it deserves in data protection: passwords. Some of the issues and highlights are:

  1. What is two-factor authentication?
  2. How, when and where should you use it?
  3. What are the most common passwords still in use?
  4. Why are passwords one of the most basic forms of data security protection?
  5. What are the lessons to be learned?

For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.


Life With GDPR: Episode 23- Looking into the 2019 Crystal Ball

In this episode, I visit with Jonathan Armstrong to consider some of his predictions for the rest of 2019. Even if these predictions do not fully come to pass, you should consider them in light of your data privacy/data protection policies and protocols. Some of the issues and highlights are:

  1. Drones: what are the GDPR implications?
  2. The number of data breach notifications under GDPR. Through the end of January there were over 42,000 in the EU alone.
  3. Will AI and self-driving cars follow the rules on safe driving standards, or will there be new rules for the road?
  4. What will be the effects of data, big data and AI in elections going forward? What will be the fallout from Cambridge Analytica going forward?
  5. How will businesses respond to the industrialization of internet crime? What happens when there is a Zero-Day exploit?
  6. Cybersecurity insurance. Will standard insurance rules and regulations apply, or will new policy language be drafted for such coverage?

For more information on Cordery Compliance, go to their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance, by clicking here.


Daily Compliance News: March 1, 2019-Lion or Lamb? edition

MARCH 1, 2019 BY TOM FOX

In today’s edition of Daily Compliance News: