Data Privacy

Lakeside Pediatrics Data Breach Notification

Lakeside Pediatric & Adolescent Medicine PLLC is notifying 1314 Washingtonians of a data security incident that occurred on or about November 1, 2024. An unauthorized party accessed their systems, potentially exposing personal information. The company is offering credit monitoring services.

Data Breach Notification for CommonSpirit Health and Pinnacle Holdings

Washington State's Office of the Attorney General has been notified of a data breach impacting CommonSpirit Health, reported by vendor Northgauge Healthcare Advisors. The breach occurred at Pinnacle Holdings, a vendor to Northgauge, and may have exposed personal information of Washington residents.

Pyramid Global Hospitality Data Breach Notification

Pyramid Global Hospitality is notifying current and former employees of a data breach discovered on September 30, 2025, impacting personal information. The company is offering credit monitoring and identity restoration services and has notified relevant state regulators and federal law enforcement.

GDPR Resolution: No Fine for DILCAR Gestión S.L.

The Spanish Data Protection Agency (AEPD) has closed an investigation into DILCAR Gestión S.L. regarding the misuse of municipal resources for private business, which involved personal client data. No fine was imposed on the company.

GDPR Resolution: School Used Health Data Without Consent

The Spanish Data Protection Agency (AEPD) initiated a sanctioning procedure against HOLY MARY CATHOLIC SCHOOL, S.L. for allegedly using student health data without proper consent. The procedure was initiated following a complaint filed on April 24, 2024, regarding the use of 'Google Workspace for Education' and its potential access to non-educational content.

Digital Markets Act: Gatekeepers Submit Updated Compliance Reports

Six designated gatekeepers under the EU's Digital Markets Act (DMA) have submitted updated compliance reports. These reports detail the measures implemented over the past year to adhere to the DMA's requirements.

ICO Decision Notice: FOI Complaint Against London Borough of Croydon

The UK's Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) complaint against the London Borough of Croydon. The authority failed to respond to a request within the statutory 20 working days. The ICO has ordered the council to respond within 30 calendar days.

ICO Upholds FOI Complaint Against NHS Trust

The UK's Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) complaint against South London & Maudsley NHS Foundation Trust for a delayed response. The Trust is now required to provide a substantive response to the complainant within 30 calendar days.

ICO Decision on Cabinet Office FOI Exemptions

The UK's Information Commissioner's Office (ICO) issued a decision regarding the Cabinet Office's use of FOI exemptions. The ICO found that the Cabinet Office was entitled to rely on sections 36(2)(b)(i) and (c) of the FOIA to withhold certain information related to interactions with BlackRock.

ICO Orders NHS Trust to Respond to FOI Request

The UK's Information Commissioner's Office (ICO) has ordered the South London & Maudsley NHS Foundation Trust to respond to a Freedom of Information (FOI) request. The Trust failed to respond within the statutory 20 working days.