IT Security & Privacy

The CNIL Issues Ten Sanctions Under Simplified Procedure, Fines Total €97,000

The French data protection authority, known as the CNIL, has been actively enforcing its new simplified sanction procedure, which was introduced in 2022. Over the past two months, the CNIL has issued ten new decisions under this streamlined approach, imposing fines totaling €97,000 on both private and public-sector entities. These sanctions were a result of violations of various data protection requirements, highlighting the authority's commitment to upholding privacy and data protection regulations.

Cook County Health Alerts 1.2 Million Patients of Data Breach Involving Medical Transportation Firm

In a concerning development, Cook County Health has issued a warning that more than 1.2 million patients may have had their personal information exposed in a data breach involving medical transportation firm Perry Johnson & Associates (PJ&A). The breach occurred earlier this year and was brought to light by PJ&A in July, leaving a significant number of patients potentially impacted.

New York Introduces Stricter Cybersecurity Regulations with Emphasis on Ransom Payments and Board Oversight

New York has taken a decisive step in strengthening its cybersecurity regulations, adding stricter requirements that surpass recent federal rules. The New York State Department of Financial Services (DFS), responsible for overseeing various financial institutions, has introduced these enhanced cybersecurity regulations in response to the growing threat of cyberattacks, emphasizing the need for more robust protections.

Dutch Regulator Disputes Apple's Commissions in Dating App Case

The Dutch consumer watchdog, the Netherlands’ Authority for Consumers and Markets (ACM), is challenging the fees imposed by Apple on dating app providers in the Netherlands. This move is part of the ongoing case against the tech giant concerning the dominance of its app store. While the dispute currently pertains to dating apps within the Netherlands, it is perceived as potentially setting a precedent for similar cases worldwide.

FTC Amends Safeguards Rule to Mandate Data Breach Reporting for Non-Banking Financial Institutions

The Federal Trade Commission (FTC) has recently approved a pivotal amendment to the Safeguards Rule, requiring non-banking financial institutions to report specific data breaches and security incidents to the agency.

French Data Protection Authority Fines GROUPE CANAL+ 600,000 Euros for GDPR Violations

The French Data Protection Authority (CNIL) has imposed a fine of 600,000 euros on GROUPE CANAL+, a prominent producer and distributor of pay television offers, for multiple violations of the General Data Protection Regulation (GDPR) and the French Post and Electronic Communications Code (CPCE). The fine comes as a result of various breaches, particularly in terms of commercial prospecting and individual rights.

Okta's Stock Dips as Security Provider Admits Customer Service Tool Hack

Okta, a leading security technology provider for various organizations, has recently revealed that one of its customer service tools was compromised in a security breach. The hacker used stolen credentials to access the company's support case management system and view files uploaded by certain customers. Okta's Chief Security Officer, David Bradbury, disclosed the breach in a securities filing. Okta emphasized that the affected system is distinct from its primary client platform, which remained secure.