The New York State Department of Financial Services (NYDFS) has issued extensive guidance addressing cybersecurity risks associated with artificial intelligence (AI) in the financial sector. Announced by Superintendent Adrienne A. Harris on October 16, 2024, this guidance marks a significant development in regulatory approaches to emerging technologies and cybersecurity.
Poland’s Personal Data Protection Office (UODO) has fined mBank more than €870,000 (4,053,173 PLN) for failing to notify customers affected by a significant data breach. The penalty, while substantial, represents just 0.0024% of the bank’s annual turnover, raising questions about the relative impact of such fines on large financial institutions.
The Information Commissioner's Office (ICO) recently announced the launch of a groundbreaking audit framework designed to revolutionize how organizations approach data protection compliance. This sophisticated new tool represents a significant advancement in enabling organizations to systematically evaluate and enhance their personal data handling practices.
The UK Information Commissioner's Office (ICO) has imposed a £750,000 fine on the Police Service of Northern Ireland (PSNI) following a catastrophic data breach that exposed the personal information of its entire workforce of 9,483 officers and staff.
The Federal Communications Commission (FCC) announced today a groundbreaking settlement with T-Mobile, resolving multiple investigations into significant data breaches that compromised the personal information of millions of American consumers. The agreement, which includes substantial financial penalties and far-reaching cybersecurity commitments, represents a pivotal moment in the FCC's ongoing efforts to bolster data protection within the telecommunications industry.
The Irish Data Protection Commission (DPC) has levied a substantial €91 million fine against Meta Platforms Ireland Limited (MPIL), a subsidiary of Meta Platforms, Inc. The decision, announced on September 27, 2024, marks the culmination of an extensive investigation that commenced in April 2019, following MPIL's disclosure of a critical security oversight involving the storage of user passwords in plaintext format within its internal systems.
Ancestry and genetics-testing company 23andMe has reached a $30 million settlement agreement in response to a class-action lawsuit stemming from a data breach that occurred last year. The settlement, which is still pending judicial approval, addresses the company's handling of a security incident that impacted millions of users.