Data Privacy & Cybersecurity

PDPC Steps Up NRIC Misuse Enforcement and Issues New Advisory

The Singapore Personal Data Protection Commission (PDPC) is stepping up enforcement against private organizations misusing NRIC numbers for authentication starting January 1, 2027. New advisories are also being issued to guide organizations on data protection lapses and recommend more secure authentication methods.

Ransomware Incident Data Breach and Security Lapses

Singapore's Personal Data Protection Commission issued a decision regarding a ransomware incident affecting 39,000 individuals' data due to security lapses. Three separate undertakings were also accepted for similar incidents. The Commission directed the organization to strengthen its security posture and highlighted key takeaways for all organizations to prevent future breaches.

Data Breach Decision Highlights Security Lapses

The Singapore Personal Data Protection Commission (PDPC) issued a decision regarding a data breach affecting 665,000 individuals due to system misconfiguration. The case highlights lapses in security practices and emphasizes the need for robust technical and governance measures.

Cambridge Analytica Payment Program Registration Deadline

Eligible Australian Facebook users impacted by the Cambridge Analytica matter must register for a payment program by December 31, 2025. The program, established by Meta Platforms as part of an enforceable undertaking with the Australian Information Commissioner, offers payments to over 300,000 affected individuals.

OAIC Statement on Bunnings Facial Recognition Technology Decision

The Australian Information Commissioner (OAIC) issued a statement regarding the Administrative Review Tribunal's decision on Bunnings' use of facial recognition technology (FRT). The Tribunal affirmed findings that Bunnings contravened privacy principles by failing to provide adequate notice and conduct a formal risk assessment for its FRT system.

Privacy Commissioner Statement on Bunnings Facial Recognition Decision

The Australian Privacy Commissioner has issued a statement regarding the Administrative Review Tribunal's decision on Bunnings' use of facial recognition technology. The statement clarifies that while the Tribunal allowed Bunnings to use the technology for specific crime prevention purposes, significant privacy safeguards and notification requirements remain crucial.

OAIC Highlights Improved Transparency in Government Automated Decision-Making

The Australian Information Commissioner (OAIC) has released a report highlighting opportunities for government agencies to improve transparency in automated decision-making (ADM). The report follows a review of 23 agencies and identifies a significant gap in public disclosure of ADM use, with only 17% of agencies disclosing it.

Hungary Ratifies Council of Europe Convention 108+

Hungary has become the 30th party to ratify the Council of Europe's Convention 108+, an international treaty concerning data protection. This action signifies Hungary's commitment to aligning its data protection laws with international standards.

Publication Obligation for Public Data Registry and Transparency Procedure

Hungary's National Authority for Data Protection and Freedom of Information has issued a notice regarding a new publication obligation for budgetary organs. All budgetary organs, except national security services, must publish financial management data bi-monthly on a new online platform, with potential fines for non-compliance.

NAIH launches AWARE project for GDPR awareness

The National Authority for Data Protection and Freedom of Information (NAIH) has launched the EU-funded AWARE project to increase GDPR awareness among micro and small enterprises, particularly in the beauty and private healthcare sectors. The project will run from 2025 to 2027 and includes research, an information website, webinars, and training.