702 changes Data Privacy & Cybersecurity
Black Country Healthcare NHS Foundation Trust FOI Complaint Upheld
The Information Commissioner's Office has upheld a Freedom of Information complaint against Black Country Healthcare NHS Foundation Trust. The Trust failed to respond to the complainant's FOI request within the statutory 20 working days required under FOIA. The ICO has issued a Decision Notice requiring the Trust to provide a substantive response to the outstanding request within 30 calendar days.
FOI Cost Limit Refusal Not Upheld - Middleton Cheney Parish Council
The ICO has issued a Decision Notice regarding Middleton Cheney Parish Council's refusal of an FOI request under section 12(1) (cost limit exemption). The Commissioner determined that the Council was entitled to refuse the request on cost grounds and found that the Council complied with its section 16 obligations to offer advice and assistance. No further action is required from the Council.
Police FOI complaint: 10(1) upheld, 12(1) not upheld
EANI School Walking Route EIR Complaint Not Upheld
The Information Commissioner's Office issued a Decision Notice on 9 April 2026 regarding an Environmental Information Regulations complaint against the Education Authority Northern Ireland (EANI). The complainant requested information relating to an assessment of a school walking route between two postcodes. The ICO determined that, on the balance of probabilities, EANI does not hold any additional information falling within the scope of the request and does not require further steps. The complaint was not upheld.
London Borough of Southwark Upheld for FOIA Response Failure
The ICO has upheld a complaint against London Borough of Southwark for failing to respond to a Freedom of Information request within the statutory 20 working day timeframe. The Commissioner has ordered the authority to provide a substantive response to the complainant within 30 calendar days in compliance with its FOIA obligations.
The Open University FOI Complaint Upheld, Must Issue Fresh Response
The ICO upheld a complaint against The Open University regarding a Freedom of Information Act request for data security and cybersecurity information. The university had refused to comply, citing section 14 of FOIA (vexatious request). The ICO determined the university is not entitled to rely on section 14. The ICO requires the university to issue a fresh response that does not rely on section 14 of FOIA.
FOI 10 Breach Upheld, City of Wolverhampton Council
The ICO has upheld a breach of section 10 of the Freedom of Information Act 2000 against the City of Wolverhampton Council. The Council failed to provide a substantive response to an FOI request within the required 20 working days. The ICO has ordered the Council to issue a substantive response within 30 calendar days of the decision notice date.
Wandsworth Borough Council FOI Complaint Not Upheld
The Information Commissioner's Office has issued a Decision Notice regarding a Freedom of Information Act complaint against Wandsworth Borough Council. The complaint concerned the council's handling of a request for information about Wandsworth Information, Advice and Support Service. The ICO determined that the council's refusal to confirm or deny holding information under sections 40(5B) and 31(3) of FOIA was justified, and that on the balance of probabilities, the council does not hold any further information within scope of the request. No further action is required of the council.
NHS Trust Upheld for Late Supplier Payment FOIA Breach
The Information Commissioner's Office issued a decision notice finding that The Queen Elizabeth Hospital King's Lynn NHS Foundation Trust breached section 10 of the Freedom of Information Act 2000 by failing to respond to an information request within 20 working days. The complaint concerned the Trust's failure to pay suppliers on time and related late payment compensation. The ICO ordered the public authority to provide a substantive response to the original request.
Rushcliffe Borough Council EIR Planning Information Not Held
The Information Commissioner's Office issued a Decision Notice finding that Rushcliffe Borough Council correctly applied the Environmental Information Regulations exception at regulation 12(4)(a). The Council stated that requested planning application information was not held, and the Commissioner determined on the balance of probabilities that the information is indeed not held by the Council.
Royal Borough of Greenwich - FOIA Request Non-Compliance Upheld
The ICO has upheld a complaint against the Royal Borough of Greenwich for failing to respond to a Freedom of Information Act request within the statutory 20 working day timeframe. The Commissioner has ordered the public authority to provide a substantive response to the complainant within 30 calendar days of the decision.
NDPC Champions Data Safety at NIGCOMSAT Satellite Week 2026
The Nigeria Data Protection Commission (NDPC) was represented at NIGCOMSAT Satellite Week 2026 by Mr. Olufemi Ibitayo, Head of Finance Management and Control. The event, themed 'Harnessing Space Technology for an Extraordinary Nigeria,' was declared open by Dr. Bosun Tijani, Honourable Minister of Communications, Innovation and Digital Economy. NDPC delivered a goodwill message emphasizing data safety collaboration within the digital ecosystem.
NDPC Boss to Corporate Directors: Transition from Passive Oversight to Active Data Stewardship
Dr. Vincent Olatunji, NDPC National Commissioner/CEO, delivered the keynote address at the Chartered Institute of Directors Nigeria Members' Evening 2026 in Lagos. He urged corporate directors to transition from passive oversight to active data stewardship, emphasised compliance with the Nigeria Data Protection Act (NDP Act) 2023, and highlighted the benefits of compliance and consequences of non-compliance. He encouraged directors to embed data protection compliance as a culture within their organisations.
NDPC Legal Head Babatunde Elected UNCITRAL Rapporteur
The Nigeria Data Protection Commission's Head of Legal, Enforcement and Regulations Department, Babatunde Bamigboye, was elected as Rapporteur of UNCITRAL Working Group on Electronic Commerce at its 70th Session in New York. His nomination was put forward by the US delegation and seconded by Singapore. The Working Group deliberated on Draft Model Legislative Provisions on Contracts for the Provision of Data, aiming to foster stability in global data provision value chains.
NDPC Champions Borderless Digital Finance at Kigali Fintech Forum
The Nigeria Data Protection Commission (NDPC) was represented at the Kigali Fintech Forum hosted by the Rwandan Government, where Barrister Babatunde Bamigboye (Head of Legal, Enforcement and Regulations) served as a panellist on 'Digital Finance Without Borders: Standards, Interoperability, and Trust.' Nigeria was selected as one of nine countries to participate in the Cross-Regulatory Project by Cambridge University's Judge Business School and Financial Innovation for Impact.
Third IMPACT Initiative Covers Compliance Audit Returns, Corporate Risk Management
The Nigeria Data Protection Commission hosted the third IMPACT Initiative webinar on April 10, 2026, with 462 participants in attendance. The session addressed Compliance Audit Returns filing under the Nigeria Data Protection Act, standardized CAR templates, and collaboration between organizations and Data Protection Compliance Organisations. Speakers included NDPC officials, legal practitioners, and industry DPOs from Paystack and ICPC.
NDPC Commissioner Highlights Nigeria's Digital Economy Data Privacy Progress at Global Summit
Dr. Vincent Olatunji, National Commissioner/CEO of the Nigeria Data Protection Commission, represented Nigeria at the IAPP Global Summit 2026 in Washington, D.C. He participated in a high-level session on data privacy and AI governance in Africa, discussing Nigeria's progress in positioning data privacy as a cornerstone of its digital economy. Dr. Olatunji also led a delegation meeting with Future of Privacy Forum CEO Jules Polonetsky to discuss strategic collaboration on public awareness, capacity building, and technology deployment for compliance and enforcement.
NDPC Takes Digital Privacy Campaign to UNIPORT, Sensitizes 300 Students on Data Rights
The Nigeria Data Protection Commission held the third edition of its Digital Privacy Awareness Campaign (DPAC) at the University of Port Harcourt, sensitizing approximately 300 students on data rights and privacy awareness. The event featured presentations on digital footprints, digital rights, and a panel discussion on privacy in the age of AI, social media, and emerging technologies.
NDPC Discusses Balanced Data Law Approach with U.S. Government Officials in Washington D.C.
Nigeria Data Protection Commission (NDPC) National Commissioner Dr. Vincent Olatunji met with U.S. State Privacy Enforcers and senior U.S. Administration officials at IAPP Data Protection Authority Day 2026 in Washington D.C. Dr. Olatunji presented Nigeria's balanced regulatory approach under the Nigeria Data Protection Act (NDP Act, 2023), emphasizing that the framework protects personal data while supporting digital innovation. The engagement highlighted Nigeria's federal-state coordination in implementing data protection rules uniformly across the country.
NDPC Commissioner Attends IAPP Global Privacy Summit 2026 in Washington
The Nigeria Data Protection Commission (NDPC) Commissioner Dr. Vincent Olatunji led Nigeria's delegation to the IAPP Global Privacy Summit 2026 in Washington, D.C. Dr. Olatunji participated in breakout sessions on 'Governing High-Stakes AI' and 'Age Assurance and Privacy in the Digital Playground,' where he shared insights on Nigeria's ongoing survey on Age Regulation and Online Safety. He also met with Canadian Privacy Commissioner Philippe Dufresne to advance a memorandum of understanding between the two authorities.
Woodfords Family Services Data Breach Notice to Consumers
The Vermont Attorney General's Office posted a data breach notice from Woodfords Family Services on March 28, 2026. The notice informs Vermont consumers of a security breach affecting personal information. The full notice is available as a PDF document on the AG's security breach notices page.
State of Oklahoma Data Breach Notice to Consumers
The Vermont Attorney General's Office posted a data breach notice filed by the State of Oklahoma regarding a security incident that may have compromised consumer personal information. The notice was published on March 27, 2026, and is available on the Vermont AG's security breach notices page. Affected consumers may have received direct notification from Oklahoma state government regarding the breach.
Advantage Gold Data Breach Notice to Vermont Consumers
Advantage Gold has notified Vermont consumers of a data breach involving personal information. The breach notice, published by the Vermont Attorney General's Office, was issued on March 29, 2026. Affected Vermont consumers are advised to review the notice and monitor their accounts for suspicious activity.
Federal Plan Modernizes, Preempts US Financial Privacy Rules
A discussion draft released by the House Committee on Financial Services proposes modernizing the Gramm-Leach-Bliley Act with data minimization provisions, updated sensitive data definitions covering geolocation and biometrics, and AI disclosure requirements. The draft would shift GLBA from a federal floor to a federal ceiling, preempting state financial privacy laws. Most state comprehensive privacy laws currently exempt GLBA-covered financial institutions from their requirements.
OPC Loblaw Decision: Key Privacy Anonymization Lessons
IAPP published an opinion piece analyzing a recent Office of the Privacy Commissioner of Canada finding on Loblaw's Optimum loyalty program, highlighting three key anonymization lessons under PIPEDA. The OPC confirmed that secondary uses of data are permissible, that anonymization requires eliminating only the serious possibility of re-identification rather than zero risk, and that independent third-party review of anonymization processes is expected.
ICO Guidance on Personal Data Use in UK Local Elections
The ICO published guidance on 10 April 2026 explaining how UK voters can expect their personal data to be handled during the May 2026 local elections in England and Parliamentary elections in Scotland and Wales. The guidance addresses profiling techniques, social media advertising transparency, and data use in petitions and surveys by political parties. Political parties are reminded that they must provide clear privacy information and opportunities for voters to object to data profiling.
European Data Protection Board Publishes 2025 Activity Report
The European Data Protection Board published its 2025 annual activity report on April 9, 2026, as required by Article 71 GDPR. The report covers EDPB activities including guidance development, enforcement coordination, and stakeholder dialogue on the protection of natural persons in data processing within the EU and internationally.
Digital Sovereignty Push Risks Global Data Flows
IAPP published an article summarizing panel discussions at the IAPP Global Summit 2026 regarding digital sovereignty trends. Speakers from Hunton Andrews Kurth and Mastercard discussed how countries are increasingly implementing data localization measures, AI sovereignty frameworks, and domestic technology production policies in response to geopolitical tensions. The article notes that company boards are now prioritizing digital sovereignty as an industrial policy concern.
Alabama Passes Privacy Law, Becomes 21st State
Alabama's House Bill 351, the Alabama Personal Data Protection Act, cleared the state legislature on April 7, 2026, becoming the 21st comprehensive state privacy law. The bill applies to businesses controlling or processing data of more than 25,000 Alabama residents or deriving 25% of revenue from data sales, with an exclusive attorney general enforcement mechanism and a non-sunsetting 45-day cure provision. If signed by the governor, the law takes effect May 1, 2027.
Home Office FOI 17(3) Complaint Upheld for Unreasonable Delay
The ICO upheld a Freedom of Information Act complaint against the Home Office, finding that the public authority failed to complete its public interest test considerations within a reasonable time. The ICO requires the Home Office to provide a substantive response to the information request within 30 calendar days.
ICO Decision: London Borough of Redbridge FOI, Inspection Dates Upheld, Addresses Exempt
FOI Decision, Redbridge, Inspection Dates Upheld, Addresses Exempt
ICO Upholds Complaint - Queen Mary University Failed to Respond to FOIA Request
The ICO has issued a Decision Notice finding Queen Mary University of London in breach of the Freedom of Information Act 2000 for failing to respond to a FOIA request within the statutory 20 working days. The university is now required to provide a complete response to the complainant within 30 calendar days or face further enforcement action.
Three Voluntary Undertakings on Ransomware, Database Misconfiguration, Email Breach
Singapore's Personal Data Protection Commission published three voluntary undertakings accepted from organizations following data breaches involving ransomware, database misconfiguration, and erroneous email disclosure of personal data. Common failures included inadequate access controls, improperly configured database permissions, and absence of operational safeguards. The organizations must implement specific remediation measures including MFA, security certifications, and data protection governance improvements.
Southern IL Dermatology Data Breach Notice to Consumers
Southern IL Dermatology filed a data breach notice with the Vermont Attorney General's Office on April 2, 2026, notifying consumers of a security incident involving unauthorized access to personal information. The notice was posted to the AG's Security Breach Notices archive for affected Vermont residents. Healthcare providers and dermatology practices should review their breach notification obligations under state law.
Washington International School Data Breach Notice to Consumers
The Vermont Attorney General's Office published a data breach notice from Washington International School dated April 2, 2026. The school disclosed that personal information of consumers was compromised in a security incident. Affected individuals should monitor for identity theft and fraud, as compromised data may include names, contact information, and potentially financial or health-related information.
NH Historical Society Data Breach Notice to Consumers
The Vermont Attorney General's Office posted a data breach notice from the New Hampshire Historical Society dated April 1, 2026. The notice informs consumers of a security breach involving personal data and provides guidance on protective actions. Data breach notifications are filed with the Vermont AG's office as required under Vermont law.
Elephants Food Group data breach notice, 31st Mar
Mercer Advisors Inc. Data Breach Notice to Consumers
The Vermont Attorney General's Office published a data breach notice on behalf of Mercer Advisors Inc., a registered investment adviser. The notice informs Vermont consumers that unauthorized access to personal information may have occurred. Affected consumers are advised to review the notice and monitor for potential fraud or identity theft.
Docketwise Data Breach Notice to Vermont Consumers
The Vermont Attorney General's Office posted a security breach notice on April 3, 2026, informing Vermont consumers of a data breach affecting Docketwise, a legal technology company providing case management software. The notice includes details about the nature of the breach and recommended protective steps for affected individuals. Companies experiencing data breaches in Vermont must notify the AG's office and affected consumers under state notification requirements.
Timec Oil and Gas Data Breach Notice to Consumers
The Vermont Attorney General posted Timec Oil and Gas's data breach notice to consumers on April 2, 2026. The notice advises Vermonters that their personal information may have been compromised in a security incident. This posting fulfills state requirements for notifying consumers of data breaches affecting their personal information.
Insightin Health Inc. Data Breach Notice to Consumers
The Vermont Attorney General published Insightin Health Inc.'s data breach notice on April 1, 2026. The notice informs Vermont consumers of a security breach involving their personal information. Healthcare technology companies and entities handling sensitive consumer data must comply with Vermont's security breach notification requirements under state law.
Imblum Law Offices PC Data Breach Notice
Imblum Law Offices, PC filed a security breach notice with the Vermont Attorney General on April 2, 2026, notifying consumers of a data breach involving personal information. The notice is filed pursuant to Vermont's security breach notification requirements.
IPPC Inc. Data Breach Notice to Consumers
The Vermont Attorney General's Office posted a data breach notice from IPPC Inc. on April 1, 2026. The notice informs Vermont consumers that their personal information may have been compromised in a security incident. Affected consumers should review the notice to determine what data was exposed and take appropriate protective measures.
Graebel Companies data breach, Vermont, 3rd Apr
Chemical & Industrial Engineering, Inc. - Data Breach Notice to Consumers
The Vermont Attorney General posted a data breach notice from Chemical & Industrial Engineering, Inc. informing consumers of a security incident involving personal data. Vermont law requires businesses to notify the AG's office when breaches affect state residents. The notice directs affected consumers to review the full PDF for details on the breach scope and recommended protective actions.
Wynn Resorts Data Breach Notice to Consumers
Wynn Resorts, Limited filed a data breach notice with the Vermont Attorney General's Office on April 3, 2026, reporting a security incident involving consumer personal information. The notice, made available through the AG's consumer protection portal, details the nature of the breach and recommended steps for affected individuals. Vermont law requires businesses that experience data breaches affecting state residents to notify the Attorney General's office.
REIC Rentals, LLC - Data Breach Notice to Consumers
The Vermont Attorney General published a data breach notice from REIC Rentals, LLC on April 7, 2026, informing consumers of a security incident involving personal information. The notice was filed with the state as required under Vermont law governing security breach notifications. Consumers whose data may have been compromised are advised to review the full notice for details and protective steps.
J.M. Forbes & Co. Data Breach Notice to Consumers
J.M. Forbes & Co. filed a data breach notification with the Vermont Attorney General's Office on April 7, 2026, informing consumers of a security incident involving unauthorized access to personal information. The notice, posted to the AG's Security Breach Notices webpage, provides affected Vermont residents with details about the breach and recommended protective actions. Companies experiencing data breaches that affect Vermont residents are required to notify the Attorney General's office.
Five States Energy Company data breach notice, April 2nd
Him & Hers Inc. Data Breach Notice to Consumers
Him & Hers Inc. filed a data breach notice with the Vermont Attorney General's office on April 2, 2026, notifying consumers of a security incident involving unauthorized access to personal information. The telehealth company's breach notification affects consumers who provided personal data through the company's platform. Vermont residents who may have been impacted by this breach should review the full notification for specific details on exposed data types and recommended protective actions.