CFTC Imposes $100,000 Penalty for Failure To Supervise IT Provider

On February 12, 2018, the Commodity Futures Trading Commission (CFTC) issued an order requiring AMP Global Clearing, a registered Futures Commission Merchant (FCM), to pay a civil penalty of $100,000 due to its failure to diligently supervise its IT provider in implementing AMP’s Information Systems Security Program. The order came after a third party was able to gain access to AMP customer records without authorization through a vulnerability in AMP’s network. The vulnerability had not been detected in three consecutive quarterly network risk assessments, despite the fact that security breaches resulting from similar vulnerabilities—including a number that occurred on network devices manufactured by the same manufacturer as AMP’s—had…

READ MORE

The Five Essential Elements of Accountability Under the GDPR Every Business Should Know

The General Data Protection Regulation (GDPR), which comes into effect in May 2018 (only six months from now) has been the subject of countless conference discussions, press stories, and company meetings about the challenges of compliance. The GDPR is a lengthy and complex read, and its requirements – ranging from detailed consent requirements to the need to conduct data protection impact assessments – can seem daunting. What is often lost in the concern about specifics is that the most important change the GDPR represents is the shift in thinking it requires. The GDPR provides that companies change their mindset from one of “check-box” compliance to accountability. It requires…

READ MORE

Achieved Compliance Participates in the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong

Last month, Achieved Compliance attended the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong. Stephen Kai-yi Wong, Privacy Commissioner for Personal Data, Hong Kong, hosted the event, which was attended by over 3,000 data protection authorities, privacy professionals, industry representatives and non-governmental organizations. The Commissioners’ Conference convenes annually and offers one of the best opportunities to learn not only about the current state of data protection law, but to understand what is top-of-mind for regulators and what new challenges they see on the horizon. Among its goals is to promote and enhance personal data protection and privacy rights around the world, and to provide a forum…

READ MORE

U.S. Federal Trade Commission Announces Settlement of First Privacy Shield Enforcement Action

On September 8, 2017, the Federal Trade Commission (FTC) announced settlement of its first enforcement action involving the terms of the Privacy Shield. Three companies – Decusoft, LLC, Tru Communication, Inc., and Md7, LLC were alleged to have violated the Federal Trade Commission Act (FTC Act) by falsely claiming that they were certified to the EU-U.S. Privacy Shield. In fact, they had not completed the certification process required. One of the companies, Decusoft, falsely claimed not to be certified to the Swiss-U.S. Privacy Shield. As part of their settlements with the FTC, the companies are prohibited from misrepresenting the extent to which they participate in any privacy or…

READ MORE