You Can’t Outsource Liability for Failure To Protect Data – Fine Issued for Negligence in Overseeing a Vendor’s Performance

If a recent decision of the French Data Protection Authority (CNIL) is any indication, companies can expect that data protection authorities will hold them responsible for ensuring that the vendors they contract with can secure and protect the company’s personal data. On July 27, 2017, the French Data Protection Authority (CNIL) fined the Hertz Corporation €40,000 when information about approximately 35,000 users was exposed to inappropriate access because of the negligence of a vendor in charge of designing the Hertz France website. The privacy office’s enforcement committee July 18 held that Hertz failed to meet its data security obligations. The enforcement audit of the company’s website determined that a…

READ MORE

UK Authority Warns Small Companies: “Data Protection Laws Apply to You” Fining an SME £60,000 for Failing To Take Basic Steps

The UK Information Commissioner’s Office sent a clear signal last month that it is paying close attention to the data protection measures taken by small and medium sized companies. In a statement published June 27, 2017 titled “Warning to SMEs as firm hit by cyber attack fined £60,000” (i.e. about $80,000 U.S.), the ICO announced an action against Boomerang Video, a small Internet company based in Berkshire, England, for failure to take appropriate steps to secure customer information. ICO enforcement manager, Anne Poole said: “Regardless of your size, if you are a business that handles personal information then data protection laws apply to you.  “If a company is subject to…

READ MORE

Sequel Announces PrivacyMinder™ Platform

I am pleased to announce the launch of PrivacyMinder™, a new tool Sequel Technology & IP Law is offering to help you comply with data protection laws. PrivacyMinder brings together our deep experience in client counseling with the benefits of easy-to-use technology, a suite of educational videos, and a robust template database. PrivacyMinder is specially designed to meet the needs of companies that do not have the benefit of a compliance staff or legal counsel skilled in this area. PrivacyMinder was originally designed to assist companies in meeting the requirements of new laws like the EU’s General Data Protection Regulation. But it does more: PrivacyMinder helps you understand…

READ MORE

You Are Making Promises in Your Privacy Policy – False or Misleading Statements Can Lead to the Payment of Damages

A new privacy law signed last month is a reminder that data protection and privacy are not just issues for companies who must comply with the EU’s General Data Protection Regulation (GDPR). In the United States, regulators at the state level are turning their attention to companies who collect and use personal information – and they are putting in place their own rules about how it should be protected and managed responsibly. A newly signed Oregon law is an example of how states are moving towards interpreting unfair competition laws to cover statements make in a privacy policy. This trend has been seen in many states. California, Connecticut,…

READ MORE

The Countdown Is On – One Year to GDPR & SMEs Lag In Competitiveness and Compliance

This week marks exactly one year until EU individuals will have new rights with respect to how all businesses must protect personal data. Whether a particular business is big or small, based in the EU or based in the US, each must fully comply with the game-changing General Data Protection Regulation (GDPR). GDPR took center stage in Berlin recently, when policymakers, businesses, and regulators from 20 countries met in Berlin at the 7th annual European Data Protection Days conference. Nearly every speaker emphasized the challenges the regulation raises for small and medium sized companies (SMEs) and the critical need for those companies to comply. Companies of all sizes…

READ MORE