Data Privacy

AEPD Resolution on GDPR Rights Procedure

The Spanish Data Protection Agency (AEPD) has issued a resolution regarding a GDPR rights procedure. The resolution addresses a complaint where a data subject exercised their right of access, and the data controller failed to provide a legally established response within the stipulated timeframe. The AEPD admitted the claim for processing.

EDPB-EDPS Opinion on Biotech Act Privacy Implications

The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have issued a joint opinion on the privacy implications of the proposed European Biotech Act. The opinion provides guidance on the GDPR compliance aspects of the proposed legislation.

EDPB Letter to EC on US Entry Privacy Implications

The European Data Protection Board (EDPB) has sent a letter to the European Commission expressing concerns regarding the privacy implications of recent US legislative developments affecting entry conditions for EEA citizens. The letter highlights potential risks to data protection and fundamental rights.

ICO Open Letter to Tech Firms on Age Checks and Child Data Protection

The UK's Information Commissioner's Office (ICO) has issued an open letter to social media and video-sharing platforms, urging them to strengthen age assurance measures to prevent underage children from accessing services. The ICO expects platforms to move beyond self-declaration and utilize available technology to enforce minimum age requirements.

ICO Fines Police Scotland £66,000 for Data Mishandling

The ICO has fined Police Scotland £66,000 and issued a reprimand for serious data mishandling. Failures included excessive mobile phone data extraction and unlawful disclosure of sensitive personal information to a third party, violating UK GDPR and the Data Protection Act 2018.

Insightin Health Data Breach Notification

Insightin Health is notifying Washington residents and regulators of a data breach affecting 11,740 individuals due to a cyberattack exploiting a zero-day vulnerability. The breach, which occurred in September 2025, potentially exposed names, dates of birth, medical, and health insurance information. Insightin is offering 12 months of free credit monitoring services.

Brown Advisory Security Incident and Data Breach Notification

Brown Advisory reported a security incident on January 21, 2026, involving unauthorized access to certain systems by a threat actor. Personal data, including names, contact information, and sensitive identification details, may have been accessed. The company is offering 24 months of free identity protection services from Experian.

New American Funding Data Breach Notification

New American Funding has notified the Washington Attorney General's office of a data breach affecting 699 state residents. The incident, which occurred at a service provider, may have exposed personal information including names, addresses, and Social Security numbers. Affected individuals are being notified and offered credit monitoring services.

Drivestream Data Breach Notification

Drivestream, Inc. is notifying Washington residents of a data breach that occurred between December 4-9, 2024. An unauthorized actor accessed systems and potentially exfiltrated sensitive personal information, affecting 505 Washington residents. Drivestream is offering credit monitoring services.

Lakeside Pediatrics Data Breach Notification

Lakeside Pediatric & Adolescent Medicine PLLC is notifying 1314 Washingtonians of a data security incident that occurred on or about November 1, 2024. An unauthorized party accessed their systems, potentially exposing personal information. The company is offering credit monitoring services.