Recently, the FTC (Federal Trade Commission) has been busy levying fines against some big corporations for failing to protect consumer privacy.
It was announced on July 22 that Equifax “will pay between $330 million to $425 million to a restitution fund for victims in a settlement with the Federal Trade Commission (FTC) over a 2017 breach that exposed the personal information of 148 million people.” The reasons for such steep fines are not difficult to understand. New York Attorney General Letitia James minced no words when assessing Equifax. “This company’s ineptitude, negligence, and lax security standards endangered the identities of half the U.S. population,” she said in a statement. Sen. Mark Warner, D-Va., goes even further in his comments: “Americans don’t choose to have companies like Equifax collecting their data – by the nature of their business models, credit bureaus collect your personal information whether you want them to or not. In light of that, the penalties for failing to secure that data should be appropriately steep.”
If that wasn’t enough, earlier this month, the FTC voted to fine Facebook $5 billion for privacy violations regarding the Cambridge Analytica scandal. The $5 billion fine would be the largest ever levied by the FTC against a technology company, and the largest ever against any company for a privacy violation. While some people believe the fine isn’t enough, given the size of Facebook’s revenues, $5 billion “is a record-breaking amount by a wide margin” that “sends a message,” according to Jessica Rich, the former director of the FTC’s Bureau of Consumer Protection.
What these stories illustrate is that governments are prepared to fine corporations, big and small, for compliance violations, particularly where they affect consumer privacy. While Equifax and Facebook are American companies, Canadian and global companies are also at risk of fines if they do not work to become compliant and protect consumer privacy. GDPR has been in effect for over a year and a half, and it has already made a huge impact. France’s data protection authority announced that it will fine Google $57 million (€50 million). Canada strengthened its PIPEDA (Personal Information Protection and Electronic Documents Act) regulations in November 2018. This means that Canadian businesses must report any security breaches to the Privacy Commissioner's office and notify individuals affected by a breach of security safeguards where there is a real risk of significant harm.
If you think for a minute what happened to Equifax and Facebook can’t happen to your business, then you’re wrong. A lack of compliance with government and industry standards could lead to steep fines, bad press, and the loss of your business. Contact Uzado today to find out how we can help keep your business compliant, prevent you from having to pay fines, and keep your business out of the newspapers.