Data Privacy & Cybersecurity

ICO Decision on DBT Information Disclosure

The UK's Information Commissioner's Office (ICO) issued a decision regarding the Department for Business and Trade's (DBT) handling of an information request. While DBT was largely correct in withholding information, the ICO found breaches related to exceeding response times.

ICO Decision: Council correct to withhold park expenditure information

The UK Information Commissioner's Office (ICO) issued a decision finding Ards and North Down Borough Council was correct to withhold certain park expenditure information under commercial confidentiality exemptions. The ICO does not require the council to take further action.

NIST Updates Air-Kerma Standards and ADCL Calibration Coefficients

The National Institute of Standards and Technology (NIST) has updated its air-kerma standards and ADCL calibration coefficients. These changes align with the adoption of recommendations from the International Commission on Radiation Units and Measurements (ICRU) Report 90.

GDPR Resolution Fines Company 1,400 Euros for Unsolicited Email

The Spanish Data Protection Agency (AEPD) has issued a resolution fining JOMAFRAN 2013, S. L. 1,400 euros for violating data protection laws. The company sent unsolicited marketing emails referencing a judicial proceeding without prior consent or relationship with the recipient.

PlayOn Sports Fined $1.10M for Privacy Violations

The California Privacy Protection Agency has fined PlayOn Sports $1.10 million for privacy violations related to student data and targeted advertising. The company must also change its data collection and opt-out practices.

EDPB Conference on Cross-Regulatory Cooperation

The European Data Protection Board (EDPB) announced a conference on cross-regulatory cooperation in the EU, focusing on data protection perspectives. The event took place on March 17, 2026, and aimed to provide an overview of the EDPB's work in this area.

GDPR Fine of €4,000,000 Imposed on MODEL REYNA, C.B.

The Spanish Data Protection Agency (AEPD) has imposed a fine of €4,000,000 on MODEL REYNA, C.B. for violations of the GDPR. The company failed to respond to information requests from the agency during an investigation, leading to the sanction.

JATC Data Breach Notification

The UA Sprinkler Fitters Local 669 Joint Apprenticeship and Training Committee (JATC) has issued a data breach notification following suspicious activity detected on May 23, 2024. The breach potentially exposed names, Social Security numbers, driver's license numbers, and medical information of 518 Washington residents.

Phia Group Data Security Incident Notification

The Phia Group has notified the Washington Attorney General's office of a data security incident affecting approximately 2,802 residents. Personal information including clinical data, DOB, and SSN may have been compromised between July 8-9, 2024.

Fried Frank Data Breach Notice

Fried Frank, Harris, Shriver & Jacobson LLP is issuing a data breach notice to affected individuals following a cybersecurity incident discovered on October 27, 2025. The incident involved unauthorized access to a user account, leading to the potential exposure of personal information. The firm is offering two years of free credit and identity monitoring services.