A new portion of fines for inadequate data protection


Back to news

Recently, two more U.S. companies, Argon Medical Devices and the Heidell, Pittoni, Murphy & Bach LLP (HPMB) law firm were fined, as they failed to protect confidential data.  

The U.S. based Argon Medical Devices was fined approximately $240,000 by Norwegian Data Protection Authority. It turned out, that the company failed to comply with the Article 33 (1) of the GDPR, which requires to notify regulator about personal data breach incident occurrence within 72 hours. As it was stated the company discovered the data breach in July 2021, but didn’t notify the regulator until September 2021. 

Another U.S. based law firm Heidell, Pittoni, Murphy & Bach LLP (HPMB) was fined $200.000 by the New York Attorney General. As it was reported, because appropriate data protection measures weren’t taken in the organization, a data breach incident affected it in 2021. Personal and healthcare data on approximately 114.000 patients, including 60.000 of New Yorkers was exposed as a result of the incident. The data proceeded by the  organization included: 
•    Dates of birth
•    Social security numbers
•    Health insurance information
•    Medical history, and/or health treatment information


Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.