DCMS Consultation on Biometric Data and Surveillance Reform
DCMS launched a consultation on reforms to the UK data protection regime. The consultation proposes legislative changes to streamline police collection, use, and retention of biometric data, and suggests merging the Biometrics Commissioner and Surveillance Camera Commissioner functions under the Information Commissioner's Office for simplified oversight.
Surveillance Camera Code of Practice Amendments Laid in Parliament
The Surveillance Camera Commissioner laid an updated Surveillance Camera Code of Practice before Parliament on 16 November 2021 pursuant to Section 31(3) of the Protection of Freedoms Act 2012. Subject to parliamentary approval, the updated code is due to come into effect on 12 January 2022.
Fraser Sampson Raises Concerns on Police Biometrics Oversight
Professor Fraser Sampson, the Independent Commissioner for Biometrics and Surveillance Cameras, submitted a formal response to the Department for Digital, Culture, Media & Sport consultation 'Data: a new direction'. He raised serious concerns about proposals to absorb oversight of police biometric and surveillance camera powers into the Information Commissioner's Office. The consultation questions regarding these transfers appear on page 142 of the 146-page document.
Fraser Sampson Appointed Biometrics and Surveillance Camera Commissioner
The Home Secretary has appointed Fraser Sampson as the government's new independent Biometrics and Surveillance Camera Commissioner, effective 1 March 2021. This appointment consolidates the previously separate Biometrics Commissioner and Surveillance Camera Commissioner roles into a single position. The Commissioner will promote compliance with the Surveillance Camera Code and rules on police use of DNA profiles and fingerprints under the Protection of Freedoms Act 2012.
Best Practice Guidance 'Facing the Camera' on Police Use of Live Facial Recognition
The UK Surveillance Camera Commissioner has issued best practice guidance titled 'Facing the Camera' for police forces in England and Wales on the lawful deployment of Live Facial Recognition technology. This is the first guidance issued since the Court of Appeal overturned South Wales Police's use of LFR in the Bridges v South Wales Police case. The guidance helps forces understand how to deploy LFR in compliance with current legal requirements while balancing civil liberties.
NDG Statement on Patient Data Reflective Practice Safeguards
The National Data Guardian published a position statement on 27 November 2025 clarifying when regulated health and social care professionals in England may access confidential patient information for reflective practice purposes. The statement establishes safeguards and limits for data access, explains the application of Caldicott Principles, and underpins NHS England guidance on using information for reflective practice published the same day.
NDG 2024-25 Work Report, Priorities Through March 2027
The National Data Guardian (NDG) published its 2024-25 annual report covering activities from April 2024 to March 2025. The report accounts for the work of Dr Nicola Byrne and her office in advising on health and social care data use. The NDG also outlines priority work areas through the conclusion of Dr Byrne's term on 31 March 2027.
NDG Briefing on Data Use and Access Bill
The National Data Guardian published a briefing on the Data (Use and Access) Bill as part of their statutory duty to advise on matters affecting health and care data. The document outlines NDG's views on the bill, highlighting provisions they support while identifying areas requiring further consideration. The briefing was shared with the Department of Health and Social Care and Department for Science, Innovation and Technology before being published for transparency and parliamentary support.
Co-Designed Communications on Health and Care Data Expectations
The National Data Guardian published research testing whether co-designed communications can help people understand and expect specific uses of their health and care data. Working with NHS Screening Quality Assurance Service and Population Health Management programmes, the research found that well-designed materials can successfully inform people and set accurate expectations about data use, including safeguards. The findings provide practical insights for health and care organisations on communicating transparently about data use to reduce surprise.
Survey Findings on Barriers to Direct Care Information Sharing
The National Data Guardian (NDG) published a survey report on barriers to health and care professionals sharing information to support direct care. Commissioned in late 2019, the online survey aimed to understand perceived obstacles to appropriate information sharing. The report includes four recommendations for educational initiatives to improve direct care information sharing practices.
International Survey of Public Opinion on AI Safety
The Centre for Data Ethics and Innovation commissioned Deltapoll to conduct international research on public opinion towards AI safety ahead of the UK's AI Safety Summit 2023. Respondents from nine countries expressed widespread support for AI safety testing, with 76% agreement in the UK and Singapore, and 62% in the UK supporting government-backed AI safety institutes.
Fairness Innovation Challenge: Up to £400,000 for AI Bias Solutions
The UK Department for Science, Innovation and Technology, through the Centre for Data Ethics and Innovation, has launched the Fairness Innovation Challenge offering up to £400,000 in government investment to UK companies. The competition will fund up to three solutions with individual awards of up to £130,000 each, focusing on innovative approaches to tackle bias and discrimination in AI systems, with initial focus on healthcare and other real-world use cases. Submissions close on 13 December 2024.
Ethics, Transparency and Accountability Framework for Automated Decision-Making
The UK Centre for Data Ethics and Innovation, alongside the Department for Science, Innovation and Technology, Cabinet Office, and Office for Artificial Intelligence, published a 7-point Ethics, Transparency and Accountability Framework for Automated Decision-Making. The framework provides guidance for public sector organisations on using automated or algorithmic decision-making systems safely, sustainably and ethically. An accompanying Risk Potential Assessment Form helps teams evaluate possible risks of automated or algorithmic decisions.
CDEI Rebranded as Responsible Technology Adoption Unit
The UK Centre for Data Ethics and Innovation (CDEI) has been renamed the Responsible Technology Adoption Unit (RTA). The name change reflects the directorate's evolving role in supporting responsible AI adoption across public and private sectors under the Department for Science, Innovation and Technology.
Public Attitudes to Data and AI: Tracker Survey Wave 3
The CDEI and Department for Science, Innovation and Technology published Wave 3 of the Public Attitudes Tracker Survey, monitoring how UK public attitudes towards data and AI vary over time. The survey includes an infographic of key findings and weighted data tables. No compliance obligations or regulatory requirements are created by this publication.
Newsletter N. 546: Eni Fine 96K Euro, FAQ, Email Access, FaceBoarding
Garante per la protezione dei dati personali published Newsletter No. 546 covering multiple decisions. The authority fined Eni 96,000 euros for GDPR violations related to workplace email access and data protection practices. The newsletter also addresses employee email access after employment termination, the FaceBoarding biometric system at Milano Linate airport being non-compliant with GDPR, and approval of the AscoltaMi service for the Ministry of Education and Merit (MIM).
California Cybersecurity Audit Rule: Class Action Discovery and Privilege Implications
The California Privacy Protection Agency's cybersecurity audit rule took effect Jan. 1, 2026, requiring covered businesses to conduct annual audits covering 18 technical and organizational components and submit written certification to the agency. The rule, the first of its kind among state data privacy laws of general applicability, may generate substantial compliance efforts and create discoverable evidence in data breach class action litigation.
David Evans Enterprises Data Breach Notice to Consumers
The Vermont Attorney General's Office posted a data breach notice regarding David Evans Enterprises, Inc. on April 10, 2026. The notice informs Vermont consumers about a security incident involving unauthorized access to personal information. Affected consumers should review the full notice for specific details about the breach and recommended protective measures.
Legend Senior Living Data Breach Notice to Vermont Consumers
Legend Senior Living, LLC filed a data breach notice with the Vermont Attorney General's Office on April 10, 2026, informing Vermont consumers of a security incident involving personal information. The notice, published on the AG's Security Breach Notices page, provides affected consumers with details about the breach and recommended protective measures. No specific breach date, type of data compromised, or number of affected individuals was stated in the source document.
Nicholas H. Safford & Co., Inc. Data Breach Notice to Consumers
The Vermont Attorney General posted a data breach notice from Nicholas H. Safford & Co., Inc. informing consumers of a security incident involving personal information. The company published the notice as required under Vermont's security breach notification law. Consumers are advised to review the full notice for details on the compromised data and recommended protective actions.
SDI Management LLC Data Breach Notice to Consumers
The Vermont Attorney General posted a data breach notification from SDI Management LLC on April 9, 2026. The notice alerts consumers that their personal information may have been compromised in a security incident. Affected consumers should review the full notice for information about the breach and recommended protective steps.
Adrian Jules LTD Data Breach Notice to Consumers
Adrian Jules LTD filed a data breach notice with the Vermont Attorney General's Office on April 8, 2026. The notice informs consumers about a security incident involving unauthorized access to personal information. The company is providing details about the breach and recommended actions for affected individuals.
TruView BSI, LLC Data Breach Notice to Consumers
TruView BSI, LLC submitted a data breach notification to the Vermont Attorney General's Office on April 8, 2026. The notice advises Vermont consumers who may be affected by the breach to review the attached PDF for details on the incident and recommended next steps.
Buena Vista Management Services Data Breach Notice to Consumers
The Vermont Attorney General's Office published a data breach notice from Buena Vista Management Services, LLC on April 10, 2026, informing consumers of a security incident involving unauthorized access to personal information. The notice advises affected Vermont consumers of the breach and provides information regarding the nature of the incident. This notification fulfills the company's obligations under Vermont's data breach notification law.
OneDigital Investment Advisors data breach notice posted 8th Apr
OneDigital Investment Advisors data breach notice posted 8th Apr
EDPB DPIA Template Public Consultation
The European Data Protection Board (EDPB) has opened a public consultation on its Data Protection Impact Assessment (DPIA) Template, running from 14 April 2026 until 9 June 2026. The template aims to provide a harmonized approach for DPIAs across EU member states. After the consultation closes, DPAs will begin adopting this template as their unique or 'meta-template'.
Contractor Sentenced to 10 Years for $1.4M Home Remodeling Fraud
A Denver District Court judge sentenced Avi Schwalb to 10 years in the Colorado Department of Corrections for a home remodeling contractor fraud scheme that stole over $1.4 million from homeowners. In February 2026, a jury found Schwalb guilty on all 47 felony charges including theft, money laundering, and violating Colorado's organized crime law. The investigation covered work conducted from July 2021 to December 2024.