After much anticipation, the General Data Protection Regulation (GDPR) finally went into effect on May 25, 2018. For employers, that means some enhanced employee rights, and the risk of significant penalties for non-compliance. This includes potential maximum fines of up to 4 percent of global annual revenue or 20 million euros, whichever is greater.
SB 1121, which is making its way through the California Legislature, would allow businesses to be sued for data breaches even when no one was actually injured. This includes being sued for failing to implement and maintain reasonable security procedures as well as for failing to properly notify affected individuals of a breach of their personal information. Opponents of this bill are calling it a “job killer”.
On April 24, 2018, the Securities Exchange Commission (SEC) announced a $35 million fine against the company formerly known as Yahoo! Inc. (now known as Altaba, Inc.) for failing to disclose a massive cyber data breach to its investors for nearly two years. This is the first time the SEC has punished a company for such conduct.