Tag archives: over-retention

Two FTC complaints that over-retention of personal data violates Section 5

On January 18, 2024, the U.S. Federal Trade Commission announced a complaint and proposed consent order with InMarket Media, LLC, a digital marketing platform and data aggregator.  Less than two weeks later, on February 1, the FTC announced a complaint and proposed consent order with software licensor and data provider Blackbaud, Inc.  In both cases, … Continue reading

$8 million penalty to NYDFS – and another case of over-retention

2024 was not a happy new year for Genesis Global Trading, Inc. (“GGT”).  On January 3, 2024, the New York Department of Financial Services announced a consent order with GGT, where GGT agreed to pay NYDFS $8 million and to surrender its BitLicense (for cryptocurrency trading), due to alleged violations of NYDFS’ cybersecurity and its … Continue reading

NYDFS settles with EyeMed for $4.5 million

On October 18, 2022, the New York Department of Financial Services announced a settlement with EyeMed, a licensed life, accident, and health insurer, with respect to a security incident that occurred in 2020.  The settlement claimed that EyeMed had committed seven violations of the NYDFS Cybersecurity Regulation, including failure to have an appropriate annual risk … Continue reading

Over-retention of personal data

Norton Rose Fulbright - Data Protection Report blogThe declining cost of electronic data storage may have caused some company executives to conclude that retaining personal data forever is “cheap.”  Perhaps the CNIL’s  €1.75 million (USD $2,051,930) penalty for over-retention will lead to a different view. The matter involved one of France’s largest insurers, SGAM AG2R LA MONDIALE, which was subject to an … Continue reading
LexBlog