Customers trust businesses with a great deal of information when they sign up for a service. Imagine the number of strangers who could access your data, such as your phone number or contact address, if platforms like Facebook or Snapchat were not careful with their privacy features.
Services like Verizon Connect, Amazon app, Instagram, etc. often hold crucial personal information of their users. Although shared with consent, the data is meant to stay with the company only.
However, cybersecurity breaches are not uncommon. When such a breach occurs, the company may lose significant customer data. As a result, it has to face fines, fees, or penalties.
When cybersecurity laws are broken, it seems that customers are the only party that suffers. Many companies have, to date, faced huge fines but their operations seem to go on undisturbed.
Let’s Take a Look At Some Examples!
Amazon
Although the reasons have not been confirmed, it is known that Amazon is facing a pending fine of $877 million for breaches of the GDPR. The company is appealing the fine and authorities confirm that no such data breach has taken place. It also assures customers that their information is safe from third parties.
One of the well-known cases occurred in 2022, when Ireland’s Data Protection Commissioner fined Instagram for violating children’s privacy under the terms of the GDPR. It was stated that information, particularly phone numbers and email addresses, was made public without consent when users upgraded from personal to business profiles. According to the Commissioner, Instagram made young users’ information public to ensure that analytics tools and profile visits worked properly.
Similar to Amazon’s course of action, Instagram appealed the fine and publicly shared that the company’s management did not agree with the method used to calculate it.
Here’s a name known to all!
This has to be our favorite social app, given how it dissolves distances and allows users across borders to connect via phone calls, video calls, and messages relying on the internet alone.
As it turns out, WhatsApp was also fined $255 million in 2021 for a series of GDPR cross-border data protection infringements in Ireland. The case was only finalized in 2021, having been under scrutiny and investigation since 2018. It was put forward by WhatsApp users and non-users and involved alleged breaches of transparency and data subject information obligations under multiple articles.
Uber
Uber won popularity quickly, and perhaps that is why, in its early years of operation, it experienced a privacy breach that resulted in more than 57 million user accounts getting hacked. It was reported that Uber paid more than $100,000 to the perpetrator to keep the incident under wraps. When the legal authorities realized what had happened, Uber was charged a $148 million fine in 2018.
Capital One
Capital One 360 is one of the biggest financial companies in the United States. Despite its efforts to keep users’ data safe, the bank had to pay a $190 million fine when a lawsuit was filed against it by US customers pointing out the data breach that affected millions of people nationwide.
The data breach exposed account details of many customers but Capital One denied all liability. However, it coordinated with the federal government to soon catch the culprit who was imprisoned for fraudulent activities. Later on, the bank was able to reach an agreement that resolved the issues with consumers.
Changes Over The Years In Relevant Laws
State laws in Virginia Newport, India, DC, California, and other major regions have been considerably changed to ensure that operating companies are keen to protect clients’ information.
At this point, the laws are also being aggressively enforced. For example, HIPAA has been applied to a wide range of companies. Such businesses are also strongly advised to maintain a reliable IT infrastructure so they can tackle any unfortunate event in a timely manner.
Large retailers like Amazon now perform a regular gap analysis to determine the difference between the real levels of protection and the security levels that are required for efficient protection. It has made risk assessment compulsory as well. This helps them understand the consequences of expected threats and the steps individual companies should take to maximize cybersecurity.