Search

Hong Kong PCPD Arrests Two for Suspected Doxxing

The Hong Kong Office of the Privacy Commissioner for Personal Data (PCPD) arrested two men for suspected doxxing and disclosure of personal data without consent, in contravention of the Personal Data (Privacy) Ordinance. The arrests stem from a monetary dispute where personal data and family photos were posted online.

Real Estate Agency Fined 100,000 EUR

The Croatian Personal Data Protection Agency (AZOP) has fined a real estate agency 100,000 EUR for violations related to data protection. The agency also announced a conference on Data Protection in AI Systems.

Real Estate Agency Fined EUR 100,000 for GDPR Violations

The Croatian Personal Data Protection Agency has fined a real estate agency EUR 100,000 for violating GDPR provisions. The agency acted as a controller and processed data contrary to the regulation.

Garante Privacy Fines Acea Energia €2 Million for Unauthorized Contracts

The Italian Garante privacy has fined Acea Energia spa €2 million for significant violations of personal data protection laws. The company was found to have used inaccurate customer data to activate over 1,200 unsolicited energy contracts through door-to-door agents.

Italian Privacy Authority Fines Intesa Sanpaolo €17.6 Million

The Italian Privacy Authority has fined Intesa Sanpaolo €17.6 million for unlawfully processing the data of approximately 2.4 million customers. The fine stems from the transfer of customer data to its wholly-owned subsidiary, Isybank, as part of a corporate operation.

Garante Privacy Orders Amazon to Stop Worker Surveillance

The Italian Data Protection Authority (Garante privacy) has ordered Amazon Italia Logistica to immediately stop its worker surveillance system. The authority found that Amazon collected sensitive information on employees, including health conditions, union activities, and personal/family life, violating data protection regulations.

HHS - Syracuse ASC Pays $250,000 for HIPAA Violations

The U.S. Department of Health and Human Services (HHS) has reached a resolution agreement with Syracuse ASC, L.L.C. for violations of HIPAA Rules. Syracuse ASC will pay $250,000 and comply with a Corrective Action Plan to address failures in risk analysis and timely breach notifications.

Deer Oaks HIPAA Resolution Agreement and Corrective Action Plan

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has entered into a Resolution Agreement and Corrective Action Plan with Deer Oaks, a covered entity under HIPAA. The agreement resolves allegations of impermissible disclosure of protected health information (PHI) and a subsequent data breach, requiring Deer Oaks to pay a resolution amount and implement corrective actions.

Comstar, LLC HIPAA Resolution Agreement and Corrective Action Plan

The US Department of Health and Human Services (HHS) has entered into a resolution agreement with Comstar, LLC, a business associate under HIPAA. Comstar will pay $75,000 and comply with a corrective action plan to resolve alleged violations of HIPAA's Privacy, Security, and Breach Notification Rules following a ransomware attack affecting 585,621 individuals.

South Korea Overhauls PIPA with 10% Turnover Fines and CEO Accountability

South Korea has significantly amended its Personal Information Protection Act (PIPA), introducing fines up to 10% of total turnover and assigning direct supervisory liability to CEOs. These changes, effective September 11, 2026, aim to strengthen deterrence and promote proactive data protection investment.