Month: July 2019
UK ICO Cites Inadequate M&A Data Protection Due Diligence as a Factor in Proposing $125M Breach Fine
On July 9, 2019, the UK Information Commissioner’s Office (ICO) publicly announced its intent to impose a £99M (approximately $123M) GDPR fine on Marriott in connection with the discovery and notification of a data breach at Starwood. Among its justifications for the record fine, the ICO cited inadequate data protection […]
Standing to be Dismissed – The U.S. D.D.C. Weighs in on “Actual Damage” in Data Breach Litigation
In Attias v. CareFirst, Inc., the U.S. District Court for the District of Columbia (D.D.C.) jumpstarted the debate concerning the harm plaintiffs must allege to move forward with data breach class action litigation. In recent years, courts across the country have disagreed about what constitutes an “injury-in-fact” when an individual’s […]
Will BA, Marriott Have to Pay UK ICO’s Huge Breach Fines? We Look at What’s Next.
The UK Information Commissioner’s Office (ICO) has issued Notices of Intent (NOI) to fine British Airways (for £183m) and US hotel group Marriott (for £99m) for breaches of the EU General Data Protection Regulation (GDPR). Assuming that fines are ultimately issued, these will be the first fines to be issued […]
At GDPR’s One Year Mark, Continued Compliance Efforts are Key and Can Help with CCPA Compliance
With the EU General Data Protection Regulation (the “GDPR”) now over a year old, companies may feel that their data privacy challenges have settled down and that their GDPR work is complete. While that may be true for some companies, the reality for most is that their GDPR compliance efforts […]