Selling and utilising personal data in an insolvency situation

Data Protection Report

Many businesses are suffering serious financial difficulties as a result of COVID-19, particularly those in the retail, hospitality and tourism sectors. What are the legal mechanisms to sell or utilise personal data in an insolvency situation?

Fortnum & Mason customers’ personal data exposed in breach

IT Governance

As the saying goes, you’re only as strong as your weakest link, which is as true for data security as any other situation. Unfortunately, world-famous retailer Fortnum & Mason was recently let down by a weak link – survey company Typeform – that exposed the personal data of 23,000 of its customers. A breach of Typeform affected Fortnum & Mason customers who voted using the Typeform form in the “TV Personality of the Year” category.

GDPR. Forget bitcoin, data is the new currency of retail

OpenText Information Management

On May 25, 2018, the new EU data privacy regulation, known as the General Data Protection Regulation (GDPR), comes into force.

DPIAs for retail and hospitality 

IT Governance

Although DPIAs (data protection impact assessments) are not a new concept, the GDPR (General Data Protection Regulation) now mandates them under certain circumstances. A DPIA is essentially a risk assessment that needs to be conducted before carrying out any processing activities, particularly those “using new technologies”, that are “likely” to result in a “high risk” to the rights and freedoms of natural persons. It’s relevant for everyone, including retail and hospitality.

How data breaches are affecting the retail industry

IT Governance

Data breaches. What steps will the ICO (Information Commissioner’s Office) take to ensure organisations comply with the recently enforced GDPR (General Data Protection Regulation)? Only time will tell – and we may not have to wait long – but in the meantime, what is the impact of data breaches in the retail industry, and what needs to be done to mitigate them? The data included contact information, usernames and encrypted passwords. Protect cardholder data.

Data monetization: driving the new competitive edge in retail

CGI

Retailers are fully aware that their future relies largely on their ability to use data efficiently. Data has become an essential resource and a key element in the growth strategy of large retail organizations.

CNIL Adopts Its First Sanction as Lead Supervisory Authority, Fining French Online Shoe Retailer

Hunton Privacy

On August 5, 2020, the French Data Protection Authority (the “CNIL”) announced that it has levied a fine of €250,000 on French online shoe retailer, Spartoo, for various infringements of the EU General Data Protection Regulation (“GDPR”).

Are Data Breaches the New Reality for Retail?

Thales Cloud Protection & Licensing

As digital transformation takes hold, the retail industry is under siege from cyber criminals and nation states attempting to steal consumers’ personal information, credit card data and banking information. While retailers digitally transform their businesses to better serve the higher demands of their customers, they’re being challenged with safeguarding personal data to protect customers, partners and suppliers’ critical information.

It’s time to think twice about retail loyalty programs

Thales Cloud Protection & Licensing

As I was starting to write this blog, yet another retail program data breach occurred, for Marriott’s Starwood loyalty program. But it looks like my own personal data has been breached – again. What I’d originally planned to write about was a topic that directly applies – why retailers of all stripes are not investing in data security. To make a long story short – the top reason that they didn’t invest in data security was “lack of perceived need” at 52%.

Crooks claim to have stolen 20k customer records from Superdrug cosmetics retailer

Security Affairs

Hackers claim to have stolen the personal details of almost 20,000 Superdrug customers who shopped online at the cosmetics retailer. British retailer Superdrug is the latest victim of a security breach; hackers claim to have stolen the personal details of almost 20,000 people who shopped online at the cosmetics retailer. Superdrug tried to downplay the incident, maintaining that the hackers obtained the credentials from third-party data breaches.

UK ICO Issues Unprecedented Fine Against Mobile Phone Retailer for Lax Security

Hunton Privacy

On January 8, 2017, the UK Information Commissioner (“ICO”) issued an unprecedented monetary penalty of £400,000 against British mobile phone retailer, The Car Phone Warehouse Limited. Following an attack on their system in 2015, the ICO found that the company had failed to take adequate steps to protect the personal data it held on its system.

From channel to customer: How an omni-channel experience is the key to the retail industry’s success

CGI

Is the hype around the retail store being dead simply that, hype? Retailers that are thriving in today’s disrupted and highly competitive environment have transformed the role of the brick-and-mortar store to effectively bridge the gap between the physical and digital worlds. One of the largest sporting goods retailers is a good case in point.

UK Fines Dixons Carphone for Massive Breach

Data Breach Today

Retailer's Missteps Led to 'Careless Loss of Data,' Privacy Watchdog Says. British regulators have fined Dixons Carphone $653,000 for a breach that exposed millions of payment card details and personal data due to point-of-sale malware.

Personal Data Stores – Get ready for a step change

CGI

What if Facebook, Google, Amazon etc all started paying you for the personal data you create whilst browsing their sites? With many organisations making millions from selling targeted advertising using user generated profiles, and given that Forrester say that more than $2 billion is spent each year on ‘third party data about individuals’, it is clear that this is an attractive market.

FRANCE: New cooperation agreement between the CNIL and DGCCRF

DLA Piper Privacy Matters

On 31 January 2019, the French Data Protection Supervisory Authority (CNIL) and the French General Directorate for Competition Policy, Consumer Affairs and Fraud Control (DGCCRF, authority in charge of consumer protection) signed a new protocol of cooperation to improve protection of personal data of consumers. Share their analysis in the evolution of the legal and regulatory consumer and data protection framework. By Denise Lebeau-Marianna and Caroline Chancé.

Second Circuit Affirms Dismissal of Data Breach Class Action on Article III Standing Grounds

Hunton Privacy

As reported on the Hunton Retail Law Blog, on April 26, 2021, the U.S. Court of Appeals for the Second Circuit affirmed the dismissal on Article III standing grounds of a data breach class action predicated on an alleged increased risk of identity theft.

Dixons Carphone Cyberattack Targets 5.9M Bank Cards

Threatpost

Dixons Carphone said it discovered a massive cyberattack on its processing systems that targeted millions of payment cards and personal data records.

Gearbest Database Leaks 1.5 Million Customer Records

Data Breach Today

White Hat Hackers Expose Lax Security Practices at Chinese Online Retailer. An unprotected database belonging to Chinese e-commerce site Gearbest exposed 1.5 million customer records, including payment information, email addresses and other personal data for customers worldwide, white hat hackers discovered.

Dixons Carphone Hack Compromises 5.9M Payment Cards

Dark Reading

The UK electronics retailer says the hack, which began last July, also involves 1.2M personal data records

CCTV and the GDPR – an overview for small businesses

IT Governance

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements. Data processing principles (Article 5). Kept in a form that allows data subjects to be identified for no longer than is necessary. To data portability.

Businesses to Assist NHS Test and Trace Efforts

Hunton Privacy

Establishments and companies in the UK will therefore be responsible for the additional collection and potential sharing of customers’ personal data. Any entity engaging in this kind of data collection will need to comply with the requirements of data protection law.

The California Consumer Privacy Act Surfaces in Recent Data Breach Class Action Complaint

Hunton Privacy

Filed in the wake of retailer Hanna Andersson’s announcement of a data breach that allegedly compromised, among other things, customer payment card data, the plaintiff expressly claims a “deprivation of rights” under the CCPA based on the alleged “fail[ure] to maintain reasonable security procedures and practices appropriate to the nature of” personally identifiable information maintained by the defendants.

Shopping safely over Black Friday and Cyber Monday

IT Governance

Black Friday and Cyber Monday are almost upon us, kickstarting what retailers hope will be a successful trading period. However, the flurry of purchases and the data that represents means cyber criminals will also be looking to cash in. However, retailers offering both a physical and digital presence stand to gain the most, as the omnichannel approach is favoured by 69% of UK-based survey respondents. And never disclose your personal information.

Dixons Carphone: 5.9 million payment cards compromised

IT Governance

Dixons Carphone has suffered a major data breach involving 5.9 million personal data records. At this point, the major consumer electronics retailer said there was no evidence of any fraud. In a second breach, personal customer data in the form of names, addresses and email addresses was accessed. The retailer’s chief executive, Alex Baldock, has apologised for the data breach and admitted that the firm has failed its customers.

Card Factory allowed customer photos to be exposed publicly

IT Governance

If these could have been used to identify individuals, this would have constituted a personal data breach under the EU GDPR (General Data Protection Regulation). It has also contacted the Information Commissioner’s Office, which “confirmed that this was not a data breach and no personal data was compromised”.

Adidas data breach

IT Governance

On 28 June 2018, athletic apparel company Adidas announced that its US website had suffered a data breach, exposing online customers’ personal data. In its statement, Adidas said: “According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords.”

Major data leak at Cathay Pacific

IT Governance

Hong Kong-based airline Cathay Pacific has announced a major data breach affecting up to 9.4 What data has been compromised? The breach exposed a broad selection of data, including: names. Rupert Hogg, CEO of Cathay Pacific, confirmed that there is “no evidence that any personal data has been misused”. British Airways, Heathrow Airport, Bristol Airport and Air Canada have all suffered data breaches in recent months.

BA data breach: 565,000 customers may have been affected

IT Governance

In September, British Airways announced it had suffered a data breach that compromised the personal and financial data of more than 380,000 customers. The incident is still being investigated by the National Crime Agency and National Cyber Security Centre, with a skimming script that scraped data from online payment forms thought to be the cause. Is your organisation prepared for a data breach?

Website operators joint controllers with third-party plugin providers

Data Protection Report

In its ruling, the ECJ held that operators of websites embedding Facebook’s “Like” button act as data controllers jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors to the relevant websites. The Case: Fashion ID GmbH & Co.KG (Fashion ID), a German online clothing retailer, embedded Facebook’s “Like” button plugin on its website.

Safely adopting technology in the hospitality industry

IT Governance

These ensure that data can flow easily between systems while also offering a more flexible approach to forward planning that can be adapted to suit evolving requirements. They also offer other compelling benefits, such as unlimited data storage, encryption, technical support and reduced demand for internal hardware. The following are the key areas that need to be considered as more technologies are adopted: GDPR (General Data Protection Regulation).

Heathrow Airport fined £120,000 for data breach

IT Governance

The ICO (Information Commissioner’s Office) has fined Heathrow Airport £120,000 for failing to secure sensitive personal data after a member of the public found an unencrypted USB stick containing data about the airport’s staff. This data was “erroneously captured” during a three-second portion of the video, when a page from an open ring binder containing the information briefly appeared on screen. How did the data breach occur?

Morrisons loses data leak appeal

IT Governance

Supermarket giant Morrisons has lost the latest round in the legal battle for compensation by thousands of its staff whose personal details were leaked on the Internet. The 2014 breach saw Andrew Skelton, a disgruntled senior internal auditor, upload the details of 99,998 staff to data sharing websites. The data included bank account details, salary information, dates of birth, National Insurance numbers, addresses and phone numbers.

Getting Customer Communications Right in Times of Coronavirus

HL Chronicle of Data Protection

Across the world, large retail stores and small businesses alike are shutting their doors. With all of the cancellations, postponements, and alternative arrangements that are required as a result of this global crisis, plus the special desire of all retail, travel, and other consumer-facing businesses to stay in touch with their customers, many organisations face the critical challenge of getting to grips with the legal rules that apply to those unsolicited communications and interactions.

Robot receptionists aren’t the answer: Why the hotel industry should rethink its approach to smart technology

IT Governance

Data breaches hit the headlines practically every day, and privacy concerns, such as those at Facebook and Amazon, have caused customers to turn away from services or at least take a keener interest in the way organisations use their information. This is particularly true for the hotel industry, which is one of the worst-affected by cyber crime and data breaches. We provide guidance and solutions to help keep your data secure and respond quickly when disaster strikes.

The EDPB’s Narrow View of Contractual Necessity

HL Chronicle of Data Protection

The European Data Protection Board (EDPB) has adopted the narrowest possible interpretation of ‘contractual necessity’ as a ground for processing of personal data. Article 6(1)(b) sets out one of the six possible lawful grounds for personal data processing under the European Union’s General Data Protection Regulation (GDPR).

Getting #BreachReady: prepare for the worst, hope for the best

IT Governance

The EU GDPR (General Data Protection Regulation) is very much alive and kicking. Since its coming into force in May, the EU-wide GDPR has led to an increase in data breach reporting, as the requirement is for organisations to notify the ICO of a breach within 72 hours of becoming aware of it. Understand the GDPR’s requirements, as well as how your company collects, stores and uses data. What can you do if you suffer a data breach?

New Jersey Moves Forward With Shopper Privacy Bill

Hunton Privacy

On September 15, 2016, the New Jersey Senate unanimously approved a bill that seeks to limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act, must now be approved by the New Jersey Assembly.

Mic Drop: California AG releases long-awaited CCPA Rulemaking

Data Protection Report

In the press release announcing the proposed regulations, Attorney General Becerra described CCPA as “[providing] consumers with groundbreaking new rights on the use of their personal information” and added, “It’s time we had control over the use of our personal data.” The proposed regulations are intended to operationalize the CCPA and provide practical guidance to consumers and businesses subject to the law.

Hunton & Williams Launches M&A Privacy and Security Initiative

Hunton Privacy

Having counseled global technology companies, retailers, financial institutions and other businesses through some of the most significant, high-profile data breaches in corporate history, the privacy and security in M&A transactions team is well-positioned to help companies evaluate and address any privacy- and data security-related challenges in the time-sensitive period preceding an M&A transaction, as well as in its aftermath.