Three Voluntary Undertakings on Ransomware, Database Misconfiguration, Email Breach
Singapore's Personal Data Protection Commission published three voluntary undertakings accepted from organizations following data breaches involving ransomware, database misconfiguration, and erroneous email disclosure of personal data. Common failures included inadequate access controls, improperly configured database permissions, and absence of operational safeguards. The organizations must implement specific remediation measures including MFA, security certifications, and data protection governance improvements.
GPAI Taskforce Meets on Copyright Chapter Measures
The EC AI Office moderated the second GPAI Signatory Taskforce meeting focused on the Copyright Chapter under the EU AI Act, discussing Measures 1.4 (mitigating copyright-infringing outputs) and 1.5 (rightsholder complaint contact points). Representatives from nearly all Code signatories participated in the roundtable discussion to share implementation experiences and best practices.
Insightin Health Inc. Data Breach Notice to Consumers
The Vermont Attorney General published Insightin Health Inc.'s data breach notice on April 1, 2026. The notice informs Vermont consumers of a security breach involving their personal information. Healthcare technology companies and entities handling sensitive consumer data must comply with Vermont's security breach notification requirements under state law.
Docketwise Data Breach Notice to Vermont Consumers
The Vermont Attorney General's Office posted a security breach notice on April 3, 2026, informing Vermont consumers of a data breach affecting Docketwise, a legal technology company providing case management software. The notice includes details about the nature of the breach and recommended protective steps for affected individuals. Companies experiencing data breaches in Vermont must notify the AG's office and affected consumers under state notification requirements.
Washington International School Data Breach Notice to Consumers
The Vermont Attorney General's Office published a data breach notice from Washington International School dated April 2, 2026. The school disclosed that personal information of consumers was compromised in a security incident. Affected individuals should monitor for identity theft and fraud, as compromised data may include names, contact information, and potentially financial or health-related information.
Southern IL Dermatology Data Breach Notice to Consumers
Southern IL Dermatology filed a data breach notice with the Vermont Attorney General's Office on April 2, 2026, notifying consumers of a security incident involving unauthorized access to personal information. The notice was posted to the AG's Security Breach Notices archive for affected Vermont residents. Healthcare providers and dermatology practices should review their breach notification obligations under state law.
Timec Oil and Gas Data Breach Notice to Consumers
The Vermont Attorney General posted Timec Oil and Gas's data breach notice to consumers on April 2, 2026. The notice advises Vermonters that their personal information may have been compromised in a security incident. This posting fulfills state requirements for notifying consumers of data breaches affecting their personal information.
Imblum Law Offices PC Data Breach Notice
Imblum Law Offices, PC filed a security breach notice with the Vermont Attorney General on April 2, 2026, notifying consumers of a data breach involving personal information. The notice is filed pursuant to Vermont's security breach notification requirements.
NH Historical Society Data Breach Notice to Consumers
The Vermont Attorney General's Office posted a data breach notice from the New Hampshire Historical Society dated April 1, 2026. The notice informs consumers of a security breach involving personal data and provides guidance on protective actions. Data breach notifications are filed with the Vermont AG's office as required under Vermont law.
IPPC Inc. Data Breach Notice to Consumers
The Vermont Attorney General's Office posted a data breach notice from IPPC Inc. on April 1, 2026. The notice informs Vermont consumers that their personal information may have been compromised in a security incident. Affected consumers should review the notice to determine what data was exposed and take appropriate protective measures.
Mercer Advisors Inc. Data Breach Notice to Consumers
Vermont Attorney General's Office published a data breach notice on behalf of Mercer Advisors Inc., a registered investment adviser. The notice informs Vermont consumers that unauthorized access to personal information may have occurred. Affected consumers are advised to review the notice and monitor for potential fraud or identity theft.
Elephants Food Group data breach notice, 31st Mar
Elephants Food Group data breach notice, 31st Mar
Graebel Companies data breach, Vermont, 3rd Apr
Graebel Companies data breach, Vermont, 3rd Apr
Chemical & Industrial Engineering, Inc. - Data Breach Notice to Consumers
The Vermont Attorney General posted a data breach notice from Chemical & Industrial Engineering, Inc. informing consumers of a security incident involving personal data. Vermont law requires businesses to notify the AG's office when breaches affect state residents. The notice directs affected consumers to review the full PDF for details on the breach scope and recommended protective actions.
Wynn Resorts Data Breach Notice to Consumers
Wynn Resorts, Limited filed a data breach notice with the Vermont Attorney General's Office on April 3, 2026, reporting a security incident involving consumer personal information. The notice, made available through the AG's consumer protection portal, details the nature of the breach and recommended steps for affected individuals. Vermont law requires businesses that experience data breaches affecting state residents to notify the Attorney General's office.
Baltimore Medical System Data Breach Notice to Consumers
Baltimore Medical System, Inc. filed a security breach notice with the Vermont Attorney General's Office on April 2, 2026, notifying consumers of a data breach involving personal information. The notice was posted to the AG's public Security Breach Notices registry as required under Vermont law. Affected Vermont residents are advised to take protective steps.
REIC Rentals, LLC - Data Breach Notice to Consumers
The Vermont Attorney General published a data breach notice from REIC Rentals, LLC on April 7, 2026, informing consumers of a security incident involving personal information. The notice was filed with the state as required under Vermont law governing security breach notifications. Consumers whose data may have been compromised are advised to review the full notice for details and protective steps.
Five States Energy Company data breach notice, April 2nd
Five States Energy Company data breach notice, April 2nd
Him & Hers Inc. Data Breach Notice to Consumers
Him & Hers Inc. filed a data breach notice with the Vermont Attorney General's office on April 2, 2026, notifying consumers of a security incident involving unauthorized access to personal information. The telehealth company's breach notification affects consumers who provided personal data through the company's platform. Vermont residents who may have been impacted by this breach should review the full notification for specific details on exposed data types and recommended protective actions.
J.M. Forbes & Co. Data Breach Notice to Consumers
J.M. Forbes & Co. filed a data breach notification with the Vermont Attorney General's Office on April 7, 2026, informing consumers of a security incident involving unauthorized access to personal information. The notice, posted to the AG's Security Breach Notices webpage, provides affected Vermont residents with details about the breach and recommended protective actions. Companies experiencing data breaches that affect Vermont residents are required to notify the Attorney General's office.
South Wonston Parish Council, FOI 14, Not upheld
The ICO has upheld South Wonston Parish Council's reliance on section 14(1) of FOIA, finding the complainant's financial information request was vexatious. The decision, dated 1 April 2026, concludes the council was entitled to refuse the request and is not required to take any steps. The complainant may appeal this decision to the First-tier Tribunal within 28 days.
London Borough of Redbridge selective landlord notices, FOI partly upheld
ICO issued Decision Notice IC-464099-P6J1 on 31 March 2026, partially upholding a Freedom of Information complaint against London Borough of Redbridge. The Council had withheld selective landlord licence notice names and contents under FOIA Section 40(2) (personal data), but the ICO determined only some information qualifies for exemption. The Council must now reconsider disclosure of certain withheld details.
Crown Estate FOIA Section 40(2) Personal Data Exemption Upheld
The ICO issued a Decision Notice finding that The Crown Estate properly relied on FOIA section 40(2) (personal information) to withhold the name of a staff member occupying premises at East Lodge, Sunninghill Park. The Crown Estate had provided a copy of the lease but refused to identify the staff member, citing sections 40(2), 38(1), 41, and 43(2) of FOIA. The ICO upheld only the section 40(2) exemption, finding it sufficient grounds for withholding the personal data without needing to consider the other exemptions.
University of York FOIA Complaint - Not Upheld
The Information Commissioner's Office issued a Decision Notice finding that the University of York correctly handled a Freedom of Information request for professional emails between four named staff members. The university disclosed responsive information while withholding some third-party personal data under section 40(2) FOIA. The Commissioner determined the university does not hold further information within scope and that the exemption was properly applied. No remedial steps are required.
Austrian Data Protection Authority publishes 2025 Activity Report
The Austrian Data Protection Authority (DSB Austria) published its 2025 Activity Report (Tätigkeitsbericht 2025), renamed from the prior 'Datenschutzbericht' title. The report covers the authority's enforcement activity, complaints handled, investigations concluded, and regulatory decisions issued during 2025. Austrian businesses, public bodies, and data protection officers should review the report to understand DSB Austria's enforcement priorities and emerging compliance expectations.