Risk Roundup for September and October 2018

Published on November 27, 2018

2018.08.02 - Risk RoundupOur final Risk Roundup of 2018 checks in with GDPR at 100 days, braces for a devasting hurricane in Florida, goes online for Google’s data breach before wrapping up with Yahoo’s $50 million-plus class action lawsuit for its data breach.”

GDPR 100 days later
In early September, GDPR, the European Union regulation on data protection and privacy, crossed the 100-day mark. This video interview shows GDPR has made an impact but UK businesses are just now starting to embed processes for managing GDPR requirements. Overall, there has been a shift from keeping data to more urgently discarding of it. Whether it’s GDPR, California’s Consumer Privacy Act of 2018, or data privacy bills under review in state houses, how your company protects people’s privacy is growing in importance.

Hurricane Michael
On October 10, Hurricane Michael hit the Florida Panhandle near Mexico Beach as a Category 4 hurricane leaving devastation in its wake. The hurricane was the strongest storm ever recorded in the Florida Panhandle, and local regulations do not require building to withstand hurricane-force winds. The lesson here is being prepared for anything. It’s a good time to review and update your company’s business continuity and disaster recovery plan.

Google data breach
The Wall Street Journal reported a software glitch at Google that gave outside developers potential access to private Google+ profile data for three years. What made the breach noteworthy was the appearance that Google failed to provide breach notification for fear of triggering regulatory interest. Time will tell what falls out from this tech giant’s data breach and initial disregard for breach notification rules that are a key aspect of managing data privacy risk.

Yahoo’s $50 million-plus class action settlement for data breach
Based on a proposed agreement that would settle a class action suit, Yahoo will pay out millions of dollars to Yahoo users whose identity was compromised between 2012 and 2016. Legal fees will add millions more to the bill. While most organizations are rightfully concerned about customer trust and company reputation, this agreement is a helpful reminder of the financial ramifications of a data breach.

That’s it for our November edition of Risk Roundup. We’ll be back in January with a roundup of notable risks from November and December.

Related Articles:

NYDFS Cybersecurity Regulation Isn’t Just a Phase

NYDFS Cybersecurity Regulation Isn’t Just a Phase

The New York Department of Financial Services (NYDFS) Cybersecurity Regulation was a first-in-the-nation cybersecurity regulation when it became effective on January 1, 2017. It was big news then, and it’s big news now.