Skip the navigation

Jay Cline: U.S. takes the gold in doling out privacy fines

February 17, 2014 10:19 AM ET

* Security breaches the top cause. Over the last 15 years, security breaches were the most likely to draw a large fine. They accounted for some 35% of the sizable penalties in our database. Other privacy violations, such as disclosing personal data, either by accident or deliberately, and failing to provide opportunities for choice and consent were the next mostly like to trigger large fines. Each accounted for roughly 20%, respectively, of the large penalties in our survey.

* Top industries. Looking at fines by sector, healthcare providers, health insurance companies and drug stores account for the biggest share, 22%, of the large fines levied since 1999. Government entities at the national and local levels were faulted in 20% of cases, and telemarketers, providers of credit reports, loan collectors, market researchers and business-intelligence providers accounted for another 18%.

* Top geographies. Continental European data-protection authorities have chided their U.K. counterpart in the past for being too lax, but the evidence shows the Brits are the heaviest-handed in all of Europe. U.S. and U.K. regulators have, by a wide margin, imposed most of the large fines for privacy violations. U.S. regulators levied some 55% of the penalties exceeding $100,000 worldwide, with U.K. regulators following at 35%. The vast majority of fines levied by other EU and Asian privacy regulators, by comparison, fell below our $100,000 threshold.

I need here to confess the limitation of our analysis. Many privacy-enforcement actions outside the U.S. and U.K. don't find their way into the English-language press unless they're large amounts or levied against large multinationals. The Spanish privacy watchdog, for example, has reportedly taken 399 privacy-enforcement actions netting $26.7 million -- or $67,000 on average -- for the Spanish treasury over the past decade. Only one -- its December 2013 fine against Google for its Street View product, hitting its maximum level allowed by law of $1.23 million -- made the recent headlines in the English-language press.

U.S. leads gold-medal count for privacy fines, lawsuits

We also set out to rank-order the top privacy fines in history. When we did this, the U.S. dominated the leader board. (See Table 1)

Table 1: Top 20 government-imposed data privacy fines worldwide, 1999-2014

Rank Fined entity Amount of fines and penalties Year Country Privacy principles violated
1 Apple $32.5M 2014 U.S. Choice and Consent
2 Google $22.5M 2012 U.S. Collection
3 Google $17M 2013 U.S. Collection and Notice
4 ChoicePoint $15M 2006 U.S. Security
5 Hewlett-Packard $14.5M 2006 U.S. Collection
6 LifeLock $12M 2010 U.S. Accuracy, Security
7 TJ Maxx $9.8M 2009 U.S. Security
8 Dish Network $6M 2009 U.S. Choice and Consent
9 DirecTV $5.3M 2005 U.S. Choice and Consent
10 HSBC $5M 2009 U.K. Security
11 US Bancorp $5M 1999-2000 U.S. Disclosure
12 Craftmatic $4.4M 2007 U.S. Choice and Consent
13 Cignet Health $4.3M 2011 U.S. Access
14 Barclays Bank $3.8M 2013 U.S. Use and Retention
15 Certegy Check Services $3.5M 2013 U.S. Accuracy
16 Playdom $3M 2011 U.S. Collection and Notice
17 The Broadcast Team $2.8M 2007 U.S. Collection
18 Equifax, TransUnion and Experian $2.5M 2000 U.S. Access
19 CVS Caremark $2.3M 2009 U.S. Security and Disposal
20 Norwich Union Life $1.8M 2007 U.K. Disclosure
Source: Jay Cline

Government agencies aren't the only players that can make a company pay for its privacy wrongdoings. In some jurisdictions, individuals can join together in a class-action lawsuit and sue a company. In this manner, individuals make the long arm of the law stretch even further. This is nowhere truer than in the U.S., home to the top 10 privacy lawsuits in history. Like their government-enforcement cousins, these cases have also picked up steam in recent years, with 2013 alone registering four of the top 10 cases. (See Table 2)



Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!