Data Privacy & Cybersecurity

GDPR Rights Procedure Resolution Against CaixaBank Payments

The Spanish Data Protection Agency (AEPD) has issued a resolution regarding a GDPR rights procedure against CaixaBank Payments & Consumer. The case involves a consumer's complaint about inclusion in a debt collection file without proper notification or justification of debt assignment.

EDPB-EDPS Opinion on Biotech Act Privacy Implications

The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have issued a joint opinion on the privacy implications of the proposed European Biotech Act. The opinion provides guidance on the GDPR compliance aspects of the proposed legislation.

EDPB Letter to EC on US Entry Privacy Implications

The European Data Protection Board (EDPB) has sent a letter to the European Commission expressing concerns regarding the privacy implications of recent US legislative developments affecting entry conditions for EEA citizens. The letter highlights potential risks to data protection and fundamental rights.

ICO Open Letter to Tech Firms on Age Checks and Child Data Protection

The UK's Information Commissioner's Office (ICO) has issued an open letter to social media and video-sharing platforms, urging them to strengthen age assurance measures to prevent underage children from accessing services. The ICO expects platforms to move beyond self-declaration and utilize available technology to enforce minimum age requirements.

CHIPS R&D Standardization Readiness Level Workshop Summary Report

The National Institute of Standards and Technology (NIST) has published a summary report from the CHIPS R&D Standardization Readiness Level Workshop. The report details discussions and findings related to standardization frameworks for semiconductors and microelectronics.

ICO Fines Police Scotland £66,000 for Data Mishandling

The ICO has fined Police Scotland £66,000 and issued a reprimand for serious data mishandling. Failures included excessive mobile phone data extraction and unlawful disclosure of sensitive personal information to a third party, violating UK GDPR and the Data Protection Act 2018.

Pyramid Global Hospitality Data Breach Notification

Pyramid Global Hospitality is notifying current and former employees of a data breach discovered on September 30, 2025, impacting personal information. The company is offering credit monitoring and identity restoration services and has notified relevant state regulators and federal law enforcement.

Data Breach Notification for CommonSpirit Health and Pinnacle Holdings

Washington State's Office of the Attorney General has been notified of a data breach impacting CommonSpirit Health, reported by vendor Northgauge Healthcare Advisors. The breach occurred at Pinnacle Holdings, a vendor to Northgauge, and may have exposed personal information of Washington residents.

Lakeside Pediatrics Data Breach Notification

Lakeside Pediatric & Adolescent Medicine PLLC is notifying 1314 Washingtonians of a data security incident that occurred on or about November 1, 2024. An unauthorized party accessed their systems, potentially exposing personal information. The company is offering credit monitoring services.

Drivestream Data Breach Notification

Drivestream, Inc. is notifying Washington residents of a data breach that occurred between December 4-9, 2024. An unauthorized actor accessed systems and potentially exfiltrated sensitive personal information, affecting 505 Washington residents. Drivestream is offering credit monitoring services.