Glasshouse Media Data Breach Notification
Glasshouse Media is issuing a data breach notification dated March 23, 2026, to affected individuals. The incident involved the inadvertent receipt of an internal file containing employee names and Social Security numbers. The company is offering 24 months of complimentary identity protection services through Experian IdentityWorks.
Colaberry Inc. Data Breach Notification
Colaberry Inc. has issued a data breach notification to Massachusetts residents whose 2025 Form W-2 information may have been compromised. The company is offering 24 months of complimentary credit monitoring and identity theft protection services through Cyberscout.
Massachusetts Breach Notification: Obtaining Free Credit Reports
This document provides guidance to Massachusetts residents on how to obtain free credit reports from major credit reporting companies. It outlines the process for requesting reports and what steps to take if discrepancies or suspicious activity are found, including contacting law enforcement and the FTC.
Mark Leyden & Associates Data Breach Notification
Mark Leyden & Associates, LLC is notifying individuals of a data breach that may have exposed personal information. The company is offering complimentary credit monitoring and identity theft protection services through IDX. Affected individuals are advised to enroll by June 20, 2026.
Massachusetts DOR Data Breach Notification
The Massachusetts Department of Revenue issued a sample data breach notification letter to inform individuals about an unauthorized disclosure of personal information due to employee error. The notice outlines the rights of affected individuals, including placing a security freeze, and offers 24 months of free credit monitoring services.
Tower FCU Data Breach Notification
Tower Federal Credit Union has issued a data breach notification following an inadvertent employee error that sent a member's personal information, including Social Security number and date of birth, to another member. The credit union has updated its internal processes and provided credit monitoring services to affected individuals.
MedPeds Data Breach Notification
MEDPEDS, a healthcare provider, is notifying patients of a data breach that occurred on September 2, 2025, due to a virus that encrypted data and allowed unauthorized access. Patient information including name, date of birth, address, phone number, and medical records may have been viewed. MEDPEDS has improved security measures and contacted the FBI.
Massachusetts Data Breach Notification Requirements for Consumers
The Massachusetts Attorney General's office has issued a notice detailing data breach notification requirements for consumers. This notice outlines the information consumers must provide to verify their identity and address potential identity theft, including specific documentation and procedures for placing and managing security freezes on credit reports.
Hightower Holding LLC Data Breach Notification
Hightower Holding LLC is notifying individuals of a data breach that occurred between January 8-9, 2026, and January 19-20, 2026, due to compromised user accounts. The breach resulted in unauthorized access and download of files containing personal information. The company is offering complimentary credit monitoring services.
Connell Family Office Data Breach Notification
Connell Family Office & Management, Inc. is notifying individuals of a data breach that may have impacted personal information, including names. While no misuse is indicated, the company is offering complimentary credit monitoring and identity restoration services through Experian. Affected individuals must enroll by June 30, 2026.
Quatrro Data Breach Notification and Credit Monitoring Offer
Quatrro Business Support Services, Inc. is issuing a data breach notification to affected individuals, offering a complimentary 24-month membership to credit monitoring services provided by Kroll. The notice details the incident, the services offered, and steps individuals can take to protect themselves.
Law Offices of James Scott Farrin Data Security Event Notification
The Law Offices of James Scott Farrin is notifying individuals of a data security event that occurred on September 8, 2025, involving the unauthorized acquisition of personal information, including names and Social Security numbers. Affected individuals are offered free credit monitoring and fraud assistance services.
PCPD Joins Global Network Examining Children's Apps
The Privacy Commissioner's Office of Hong Kong joined 26 global privacy authorities in the 2025 Global Privacy Enforcement Network (GPEN) Sweep focused on children's privacy. The exercise examined nearly 900 websites and apps, finding an increase in mandatory data collection and third-party sharing compared to a 2015 sweep, though some platforms showed improved age assurance measures.
IAPP Survey on Digital Governance Complexity
The IAPP is launching its 2026 Governance Survey to gather insights on privacy, AI, and digital governance amidst increasing regulatory complexity and geopolitical tensions. The survey aims to benchmark organizational practices and inform international digital policy development.
CJEU Decision on DSARs and Compensation Eligibility
The Court of Justice of the European Union (CJEU) ruled on the interpretation of Article 12(5) of the GDPR concerning Data Subject Access Requests (DSARs). The decision clarifies that a single DSAR can be considered excessive or abusive, and controllers may rely on publicly available information to assess such claims, impacting how organizations handle and potentially refuse DSARs.
Fifth Circuit Hears NetChoice v. Fitch Age Verification Case
The Fifth Circuit heard oral arguments in NetChoice v. Fitch, a challenge to Mississippi's child age verification law. This case examines the constitutionality of laws requiring platforms to verify user ages, potentially impacting online anonymity.
Electoral Commission FOI Breach Decision
The UK's Information Commissioner's Office (ICO) issued a decision notice finding the Electoral Commission breached Section 10 of the Freedom of Information Act (FOIA) by failing to respond to a request within the statutory 20-day period. The Electoral Commission is required to provide a substantive response to the complainant.
ICO Decision Notice: Shropshire ICS Failed to Respond to FOI Request
The UK's Information Commissioner's Office (ICO) has issued a decision notice against Shropshire, Telford and Wrekin Integrated Care System (ICS) for failing to respond to a Freedom of Information (FOI) request within the statutory 20-day period. The ICO requires the ICS to provide a response to the complainant within 30 calendar days.
ICO Decision Notice: Dordon Parish Council FOI Request Failure
The UK's Information Commissioner's Office (ICO) has issued a decision notice against Dordon Parish Council for failing to respond to a Freedom of Information (FOI) request within the statutory 20-working-day period. The ICO requires the council to provide a response to the complainant within 30 calendar days.
ICO Decision on Police Conduct Reports
The ICO issued a decision regarding a Freedom of Information request for police conduct reports concerning a former Metropolitan Police officer. The ICO upheld the exemption under section 30(1)(a)(i) FOIA, finding that investigations and proceedings information should remain withheld.
ICO Decision on Southern Water EIR Request
The UK's Information Commissioner's Office (ICO) issued a decision regarding Southern Water's handling of an Environmental Information Regulations (EIR) request. While Southern Water was permitted to withhold some information related to a sewer level monitor, the ICO found that the company failed to respond within the required statutory timescales.
Rotherham Council FOI Exemption Upheld by ICO
The UK's Information Commissioner's Office (ICO) has decided that Rotherham Metropolitan Borough Council correctly applied the section 43(2) exemption under the Freedom of Information Act (FOIA) to withhold information regarding operator costs at Forge Island. The ICO found that the public interest favoured maintaining this exemption.
ICO Upholds FOI 17, Finds HMRC in Breach of Section 17
The UK's Information Commissioner's Office (ICO) has issued a decision notice regarding a Freedom of Information (FOI) request made to HM Revenue and Customs (HMRC). The ICO upheld HMRC's decision to neither confirm nor deny holding information about a specific individual and property, citing section 44(2) of FOI. However, the ICO found HMRC in breach of section 17 of FOI for its handling of the request.
ICO upholds FOI exemption for Rural Services Delivery Grant
The UK's Information Commissioner's Office (ICO) has upheld the Ministry of Housing, Communities and Local Government's decision to withhold information regarding the withdrawal of the Rural Services Delivery Grant. The ICO found that the exemption under section 35(1)(a) of the Freedom of Information Act 2000 was correctly applied.
AEPD Finds RUBICOR FITNESS Infringed GDPR Article 17
The Spanish Data Protection Agency (AEPD) has issued a resolution finding RUBICOR FITNESS in violation of GDPR Article 17 (Right to Erasure). The agency initiated proceedings after the complainant's request for erasure was not adequately addressed by the company. RUBICOR FITNESS failed to provide the required response and justification during the administrative process.
AEPD Spain: Appeal REPOSICION-PA-00034-2024 Inadmitted
The Spanish Data Protection Agency (AEPD) has inadmitted an appeal (REPOSICION-PA-00034-2024) filed by A.A.A. against a resolution dated January 16, 2026. The inadmission is based on the appellant's lack of standing as an interested party in the initiated procedure, as per Article 62.5 of the LPACAP.