What types of compliance documents can ComplianceIQ generate?

ComplianceIQ generates privacy policies, terms of service, employee handbooks, data handling policies, OSHA compliance documents, acceptable use policies, HIPAA compliance docs, information security policies, and more — all tailored to your industry.

Are the generated documents legally valid?

ComplianceIQ generates comprehensive, industry-standard compliance documents informed by current regulations. While they provide an excellent foundation, we recommend having critical documents reviewed by legal counsel for your specific jurisdiction.

How does ComplianceIQ stay current with regulations?

Our AI models are continuously updated with the latest regulatory frameworks including GDPR, CCPA, HIPAA, SOC 2, OSHA, and more. Pro and Enterprise plans include regulatory update alerts.

← All enforcement actions

GLBABank Service Co ActBanking

Capital One — $80M + $190M class GLBA fine (2020)

Mis-configured AWS WAF → 106M records exfiltrated by a former AWS engineer

Penalty

$80M + $190M class

Regulator

OCC + class action

Jurisdiction

United States

Records affected

106M

What happened

A former AWS engineer exploited a misconfigured Web Application Firewall (Server-Side Request Forgery vector) to reach an internal metadata service and exfiltrate 106M credit-card applications. The OCC fined Capital One $80M citing insufficient cloud risk assessment + inadequate corrective action. A class action later settled for ~$190M.

Root cause

WAF misconfiguration allowed SSRF
IAM instance role had over-broad S3 permissions
No alert on anomalous internal egress to attacker-controlled buckets

What every team should do

Disable IMDSv1 / enforce IMDSv2 on all EC2 instances
Apply least-privilege to IAM instance roles; scope S3 access by prefix
Egress monitoring: alert on data flowing to unknown destinations
Run a cloud-specific risk assessment when migrating regulated workloads

Source: OCC consent order (Aug 6, 2020).

Would your controls have stopped this?

ComplianceIQ audits your existing policies in 60 seconds and shows you exactly which GLBA controls you are missing — mapped to enforcement patterns like this one.

Run my GLBA audit Generate missing policies

Capital One — $80M + $190M class GLBA fine (2020)

What happened

Root cause

What every team should do

Related enforcement actions