Huge U.S., EU Privacy Fines Show Companies Need To Get ITAM Programs Squared Away Now

In News by IAITAM

CANTON, Ohio – July 12, 2019 – IT Asset Managers should be aware that regulators are paying attention to companies’ due diligence regarding privacy practices after officials in the U.S. and Europe handed out billions in fines this week.

“We’ve been advising organizations for more than a year that privacy laws are changing, and due diligence is going to be imperative,” said Barbara Rembiesa, president and CEO of the International Association of Information Technology Asset Managers (IAITAM). “Organizations with mature IT Asset Management (ITAM) programs already have a program in place that can help address vulnerabilities in due diligence, even when it comes to personal privacy.”

The U.S. Federal Trade Commission agreed today to a $5 billion settlement deal with Facebook. The FTC voted 3-2 to accept the settlement with Facebook over a breach of private information. The decision in the U.S. comes during the same week when two other companies – British Airways and Marriott – received large fines for breaking privacy laws in Europe.

The United Kingdom’s Information Commissioner’s Office (ICO) said it would impose a fine for British Airways of £183.4 million (US$229.4 million) and another on Marriott for £99.2 million (US$123.7 million). Those fines are the largest following the enactment of the European Union’s May 2018 General Data Protection Regulations (GDPR) laws.

“The GDPR makes it clear that organizations must be accountable for the personal data they hold,” said Information Commissioner Elizabeth Denham following the Marriott announcement. “This can include carrying out proper due diligence when making a corporate acquisition and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.”

Due Diligence and ITAM

 IT Asset Managers have a wealth of information available to them. That data can be used to help organizations make critical decisions about how they handle personal and private data.

One of the Key Process Areas (KPAs) of ITAM is “legislation.” IAITAM defined legislation as one of 12 foundational components of a mature ITAM program.

Savvy IT Asset Managers are keenly aware of the need to follow legislative trends. Those trends can read across a variety of processes within an IT environment. But one of the hottest trends in legislation is evolving privacy laws – and the fines and settlements are in the billions and growing.

That means organizations must reflect how they collect and store private data from their users or customers. Although many larger organizations also have privacy teams, an IT Asset Manager should be involved in making high-level decisions regarding privacy policies. A practitioner’s information could help an organization save billions in settlements and fines not only because of his knowledge of the laws, but also the uniqueness of that IT environment.

The FTC agreed to its largest-ever settlement into a probe about how Facebook allowed a data-mining group to get personal information from users’ profiles. According to multiple news sources, Facebook had said in April that it expected to spend up to $5 billion to settle the matter. The U.S. Department of Justice still must review the decision, which was made on party lines in favor of Republicans.

Although the deal with Facebook is a settlement and not a fine, the FTC’s largest previous fine was against Google. The FTC fined Google more than $22 million in 2012 because of that company’s privacy practices.

But the Facebook settlement proposal signals the end to an investigation about whether or not the social media powerhouse had violated a 2011 agreement that requires it to give clear information to users about its sharing practices with third parties. The social media platform came under fire after political consulting firm Cambridge Analytica had accessed the data of 87 million Facebook users for political ad profiling.

British Airways received its penalty for a 2018 personal data breach that affected about 500,000 customers. In the case of Marriott, the hotel chain said hackers gained financial and personal information on 383 million guest records between 2014-2018.

Both British Airways and Marriott can appeal the fines.

ABOUT IAITAM
The International Association of Information Technology Asset Managers, Inc., is the professional association for individuals and organizations involved in any aspect of IT Asset Management, Software Asset Management (SAM), Hardware Asset Management, Mobile Asset Management, IT Asset Disposition and the lifecycle processes supporting IT Asset Management in organizations and industry across the globe. IAITAM certifications are the only IT Asset Management certifications that are recognized worldwide. For more information, visit www.iaitam.org, or the IAITAM mobile app on Google Play or the iTunes App Store.

MEDIA CONTACT:  Whitney Dunlap, (703) 229-1489 or wdunlap@hastingsgroup.com.

Download this Press Release in PDF Format