Exterro's Legal GRC Breakdown

Get your daily dose of news, best practices, and technology from Exterro's e-discovery, privacy, and digital forensics experts here.

Data Privacy Alert: FTC Acts Against Drizly

Created on November 21, 2022


Director of Marketing, Privacy

This proposed order against both Drizly and its CEO means that executives and the companies they lead must add the FTC to the alphabet soup of agencies regulating their privacy policies and cybersecurity posture. Overview On October 24, 2022, the Federal Trade Commission announced its proposed action against the online alcohol marketplace Drizly and its CEO, James Cory Rellas, over its failure to take measures to prevent a security breach that compromised the personal data of approximately 2.5 million consumers who used its marketplace to place retail orders for beer, wine... Read More

Data Privacy Alert: Uber’s Former CSO Convicted of Crimes Related to Data Breach

Created on November 11, 2022


Director of Marketing, Privacy

In October 2022, a jury found Uber’s former chief security officer guilty of two crimes associated with a data breach at the transportation company. It is the first criminal conviction of a senior executive for obstructing an investigation into cybersecurity program compliance and concealing a cyber incident from regulators. Overview On October 5, 2022, a federal jury in the Northern District of California returned guilty verdicts against Joseph Sullivan on two counts: obstruction of justice and misprision of a felony. The charges stem from the role Sullivan played in responding to... Read More

Data Privacy Alert: Norwegian DPA’s Interpretation of Consent Sets New International Standard

Created on October 28, 2022


Director of Marketing, Privacy

In 2021, the Norwegian data protection authority, Datatilyset, issued an $11.7 million fine against the gay social media application, Grindr, for violating users’ consent under GDPR. When viewed in concert with recent trends, it is apparent that Datailyset’s definition of consent—requiring it to be specific, informed, freely given, unambiguous, and granular—will require organizations to transform how they obtain and manage consumer consent. Overview Datatilyset issued an administrative fine of NOK 100,000,000 (approximately €10 million) for its failure to comply with GDPR rules on consent. They found that Grindr shared user data... Read More