Jay Cline: U.S. takes the gold in doling out privacy fines
* Security breaches the top cause. Over the last 15 years, security breaches were the most likely to draw a large fine. They accounted for some 35% of the sizable penalties in our database. Other privacy violations, such as disclosing personal data, either by accident or deliberately, and failing to provide opportunities for choice and consent, were the next most likely to trigger large fines. Each accounted for roughly 20% of the large penalties in our survey.
* Top industries. Looking at fines by sector, healthcare providers, health insurance companies and drug stores account for the biggest share, 22%, of the large fines levied since 1999. Government entities at the national and local levels were faulted in 20% of cases, and telemarketers, providers of credit reports, loan collectors, market researchers and business-intelligence providers accounted for another 18%.
* Top geographies. Continental European data-protection authorities have chided their U.K. counterpart in the past for being too lax, but the evidence shows the Brits are the heaviest-handed in all of Europe. U.S. and U.K. regulators have, by a wide margin, imposed most of the large fines for privacy violations. U.S. regulators levied some 55% of the penalties exceeding $100,000 worldwide, with U.K. regulators following at 35%. The vast majority of fines levied by other EU and Asian privacy regulators, by comparison, fell below our $100,000 threshold.
I need here to confess the limitation of our analysis. Many privacy-enforcement actions outside the U.S. and U.K. don't find their way into the English-language press unless they're large amounts or levied against large multinationals. The Spanish privacy watchdog, for example, has reportedly taken 399 privacy-enforcement actions netting $26.7 million -- or $67,000 on average -- for the Spanish treasury over the past decade. Only one -- its December 2013 fine against Google for its Street View product, hitting its maximum level allowed by law of $1.23 million -- made the recent headlines in the English-language press.
U.S. leads gold-medal count for privacy fines, lawsuits
We also set out to rank-order the top privacy fines in history. When we did this, the U.S. dominated the leader board. (See Table 1)
Table 1: Top 20 government-imposed data privacy fines worldwide, 1999-2014
| Rank | Fined entity | Amount of fines and penalties | Year | Country | Privacy principles violated |
|---|---|---|---|---|---|
| 1 | Apple | $32.5M | 2014 | U.S. | Choice and Consent |
| 3 | | $17M | 2013 | U.S. | Collection and Notice |
| 8 | Dish Network | $6M | 2009 | U.S. | Choice and Consent |
| 9 | DirecTV | $5.3M | 2005 | U.S. | Choice and Consent |
| 12 | Craftmatic | $4.4M | 2007 | U.S. | Choice and Consent |
| 14 | Barclays Bank | $3.8M | 2013 | U.S. | Use and Retention |
| 15 | Certegy Check Services | $3.5M | 2013 | U.S. | Accuracy |
| 16 | Playdom | $3M | 2011 | U.S. | Collection and Notice |
| 17 | The Broadcast Team | $2.8M | 2007 | U.S. | Collection |
| 18 | Equifax, TransUnion and Experian | $2.5M | 2000 | U.S. | Access |
| 19 | CVS Caremark | $2.3M | 2009 | U.S. | Security and Disposal |
| 20 | Norwich Union Life | $1.8M | 2007 | U.K. | Disclosure |
Government agencies aren't the only players that can make a company pay for its privacy wrongdoings. In some jurisdictions, individuals can join together in a class-action lawsuit and sue a company. In this manner, individuals make the long arm of the law stretch even further. This is nowhere truer than in the U.S., home to the top 10 privacy lawsuits in history. Like their government-enforcement cousins, these cases have also picked up steam in recent years, with 2013 alone registering four of the top 10 cases. (See Table 2)