Searching in Data Privacy & Cybersecurity · Search everything
702 changes Data Privacy & Cybersecurity
STRATeBEN Data Breach Notice to Consumers
The Vermont Attorney General's Office has published a data breach notice from STRATeBEN to consumers. The notice, dated March 26, 2026, details a security incident affecting consumer data. The document is a notification of the breach and its potential impact.
UFCW Local 342 Data Breach Notice to Consumers
The Vermont Attorney General's Office has published a data breach notice for UFCW Local 342, informing consumers about a security incident. The notice provides a link to a PDF document detailing the breach and its implications for affected individuals.
Schubert Organization Inc. Data Breach Notice to Consumers
The Vermont Attorney General's Office has published a data breach notice from The Schubert Organization Inc. to consumers. The notice, dated March 20, 2026, details a security incident affecting consumer data.
Cetera Financial Group Data Breach Notice to Consumers
The Vermont Attorney General's Office has published a data breach notice for Cetera Financial Group. The notice informs consumers about a data security incident that may have affected their personal information. Specific details regarding the breach and affected data were not provided in the summary notice.
Summit Insurance Services Data Breach Notice to Consumers
The Vermont Attorney General's Office has published a data breach notice from Summit Insurance Services to consumers. The notice, dated March 26, 2026, details a security incident affecting consumer data.
Titan Roofing Data Breach Notice to Consumers
The Vermont Attorney General's Office has issued a data breach notice regarding Titan Roofing. The notice informs consumers about a data breach that may have compromised their personal information. Specific details on the breach and affected data are provided within the document.
College of Health Care Professionals Data Breach Notice
The Vermont Attorney General's Office has issued a data breach notice concerning the College of Health Care Professionals. The notice informs consumers about a data security incident that may have compromised personal information.
Ailco Data Breach Notice to Consumers
The Vermont Attorney General's Office has published a data breach notice concerning Ailco. The notice, dated March 26, 2026, informs consumers about a data breach incident involving Ailco.
Company fined £100,000 for unsolicited marketing calls
The UK's Information Commissioner's Office (ICO) has fined TMAC Ltd £100,000 for making over 260,000 unsolicited marketing calls to numbers registered with the Telephone Preference Service (TPS). The company also misled recipients about their identity and targeted vulnerable individuals.
GDPR Enforcement Actions: Fines for Enel Energia, Bakeca; Minors' Data Risks
The Italian Data Protection Authority (Garante Privacy) has issued fines totaling over €500,000 against Enel Energia for illegal telemarketing practices and against Bakeca for online ads without consent. The newsletter also highlights risks associated with minors' data on websites and apps.
Garante Privacy Fines Enel Energia Over €500k for Telemarketing Violations
Italy's Garante Privacy has fined Enel Energia over €500,000 for alleged violations related to telemarketing practices. The newsletter also mentions other enforcement actions concerning online advertisements, debt collection communications, and risks to minors on websites and apps.
ICO fines TMAC Ltd £100,000 for PECR breaches
The UK's Information Commissioner's Office (ICO) has fined TMAC Ltd £100,000 for breaches of the Privacy and Electronic Communications Regulations (PECR). The company made over 260,000 unsolicited marketing calls to individuals registered on the Telephone Preference Service and failed to provide required caller information.
DataGrail AI Agent Automates Privacy Compliance
DataGrail has released its Vera AI agent, embedded within its existing platform, to help privacy teams automate compliance tasks and risk assessments. The tool aims to address the challenges of integrating AI into privacy operations and meet jurisdictional data privacy requirements, particularly in light of increasing AI investments.
Brazil Court Limits Identifiable Data Sharing Without Consent
Brazil's Superior Court of Justice has ruled that identifiable registration data, such as names and estimated income, cannot be shared with third parties by credit bureaus without explicit consent. This decision clarifies the interpretation of Brazil's General Data Protection Law (LGPD) in the credit market, distinguishing between internal credit risk analysis and external data sharing.
INCIBE Fined 2,000 Euros for GDPR Breach
The Spanish Data Protection Agency (AEPD) has upheld a 2,000 Euro fine against INCIBE for a GDPR breach. The breach occurred on INCIBE's Moodle training platform, exposing student names, emails, cities, and countries due to a default privacy configuration error. INCIBE appealed the initial resolution.
EUSKALTEL fined €100,000 for GDPR non-compliance
The Spanish Data Protection Agency (AEPD) has fined EUSKALTEL €100,000 for non-compliance with GDPR, specifically related to a violation of Article 58.2 and Article 83.6. The company was ordered to comply with imposed measures within three months. This resolution is on appeal from a prior decision.
EDPB Guidelines on Processing Personal Data Based on Legitimate Interests
The European Data Protection Board (EDPB) has issued Guidelines 1/2024 for public consultation, focusing on the lawful processing of personal data under Article 6(1)(f) of the GDPR, specifically the 'legitimate interests' basis. The guidelines also address the relationship between this legal basis and data subject rights. The consultation period closes on November 20, 2024.
ICO and Ofcom Joint Statement on Age Assurance
The UK's ICO and Ofcom have issued a joint statement clarifying the interaction between online safety and data protection laws concerning age assurance for online services. The statement aims to assist organisations in complying with both sets of obligations when protecting children online.
Glasshouse Media Data Breach Notification
Glasshouse Media is issuing a data breach notification dated March 23, 2026, to affected individuals. The incident involved the inadvertent receipt of an internal file containing employee names and Social Security numbers. The company is offering 24 months of complimentary identity protection services through Experian IdentityWorks.
Colaberry Inc. Data Breach Notification
Colaberry Inc. has issued a data breach notification to Massachusetts residents whose 2025 Form W-2 information may have been compromised. The company is offering 24 months of complimentary credit monitoring and identity theft protection services through Cyberscout.
Massachusetts Breach Notification: Obtaining Free Credit Reports
This document provides guidance to Massachusetts residents on how to obtain free credit reports from major credit reporting companies. It outlines the process for requesting reports and what steps to take if discrepancies or suspicious activity are found, including contacting law enforcement and the FTC.
Quatrro Data Breach Notification and Credit Monitoring Offer
Quatrro Business Support Services, Inc. is issuing a data breach notification to affected individuals, offering a complimentary 24-month membership to credit monitoring services provided by Kroll. The notice details the incident, the services offered, and steps individuals can take to protect themselves.
Connell Family Office Data Breach Notification
Connell Family Office & Management, Inc. is notifying individuals of a data breach that may have impacted personal information, including names. While no misuse is indicated, the company is offering complimentary credit monitoring and identity restoration services through Experian. Affected individuals must enroll by June 30, 2026.
Law Offices of James Scott Farrin Data Security Event Notification
The Law Offices of James Scott Farrin is notifying individuals of a data security event that occurred on September 8, 2025, involving the unauthorized acquisition of personal information, including names and Social Security numbers. Affected individuals are offered free credit monitoring and fraud assistance services.
Massachusetts DOR Data Breach Notification
The Massachusetts Department of Revenue issued a sample data breach notification letter to inform individuals about an unauthorized disclosure of personal information due to employee error. The notice outlines the rights of affected individuals, including placing a security freeze, and offers 24 months of free credit monitoring services.
Mark Leyden & Associates Data Breach Notification
Mark Leyden & Associates, LLC is notifying individuals of a data breach that may have exposed personal information. The company is offering complimentary credit monitoring and identity theft protection services through IDX. Affected individuals are advised to enroll by June 20, 2026.
Massachusetts Data Breach Notification Requirements for Consumers
The Massachusetts Attorney General's office has issued a notice detailing data breach notification requirements for consumers. This notice outlines the information consumers must provide to verify their identity and address potential identity theft, including specific documentation and procedures for placing and managing security freezes on credit reports.
MedPeds Data Breach Notification
MEDPEDS, a healthcare provider, is notifying patients of a data breach that occurred on September 2, 2025, due to a virus that encrypted data and allowed unauthorized access. Patient information including name, date of birth, address, phone number, and medical records may have been viewed. MEDPEDS has improved security measures and contacted the FBI.
Hightower Holding LLC Data Breach Notification
Hightower Holding LLC is notifying individuals of a data breach that occurred between January 8-9, 2026, and January 19-20, 2026, due to compromised user accounts. The breach resulted in unauthorized access and download of files containing personal information. The company is offering complimentary credit monitoring services.
Tower FCU Data Breach Notification
Tower Federal Credit Union has issued a data breach notification following an inadvertent employee error that sent a member's personal information, including Social Security number and date of birth, to another member. The credit union has updated its internal processes and provided credit monitoring services to affected individuals.
PCPD Joins Global Network Examining Children's Apps
The Privacy Commissioner's Office of Hong Kong joined 26 global privacy authorities in the 2025 Global Privacy Enforcement Network (GPEN) Sweep focused on children's privacy. The exercise examined nearly 900 websites and apps, finding an increase in mandatory data collection and third-party sharing compared to a 2015 sweep, though some platforms showed improved age assurance measures.
CJEU Decision on DSARs and Compensation Eligibility
The Court of Justice of the European Union (CJEU) ruled on the interpretation of Article 12(5) of the GDPR concerning Data Subject Access Requests (DSARs). The decision clarifies that a single DSAR can be considered excessive or abusive, and controllers may rely on publicly available information to assess such claims, impacting how organizations handle and potentially refuse DSARs.
Fifth Circuit Hears NetChoice v. Fitch Age Verification Case
The Fifth Circuit heard oral arguments in NetChoice v. Fitch, a challenge to Mississippi's child age verification law. This case examines the constitutionality of laws requiring platforms to verify user ages, potentially impacting online anonymity.
IAPP Survey on Digital Governance Complexity
The IAPP is launching its 2026 Governance Survey to gather insights on privacy, AI, and digital governance amidst increasing regulatory complexity and geopolitical tensions. The survey aims to benchmark organizational practices and inform international digital policy development.
Electoral Commission FOI Breach Decision
The UK's Information Commissioner's Office (ICO) issued a decision notice finding the Electoral Commission breached Section 10 of the Freedom of Information Act (FOIA) by failing to respond to a request within the statutory 20-day period. The Electoral Commission is required to provide a substantive response to the complainant.
ICO upholds FOI exemption for Rural Services Delivery Grant
The UK's Information Commissioner's Office (ICO) has upheld the Ministry of Housing, Communities and Local Government's decision to withhold information regarding the withdrawal of the Rural Services Delivery Grant. The ICO found that the exemption under section 35(1)(a) of the Freedom of Information Act 2000 was correctly applied.
ICO Upholds FOI 17, Finds HMRC in Breach of Section 17
The UK's Information Commissioner's Office (ICO) has issued a decision notice regarding a Freedom of Information (FOI) request made to HM Revenue and Customs (HMRC). The ICO upheld HMRC's decision to neither confirm nor deny holding information about a specific individual and property, citing section 44(2) of FOI. However, the ICO found HMRC in breach of section 17 of FOI for its handling of the request.
ICO Decision on Police Conduct Reports
The ICO issued a decision regarding a Freedom of Information request for police conduct reports concerning a former Metropolitan Police officer. The ICO upheld the exemption under section 30(1)(a)(i) FOIA, finding that investigations and proceedings information should remain withheld.
ICO Decision Notice: Dordon Parish Council FOI Request Failure
The UK's Information Commissioner's Office (ICO) has issued a decision notice against Dordon Parish Council for failing to respond to a Freedom of Information (FOI) request within the statutory 20-working-day period. The ICO requires the council to provide a response to the complainant within 30 calendar days.
ICO Decision Notice: Shropshire ICS Failed to Respond to FOI Request
The UK's Information Commissioner's Office (ICO) has issued a decision notice against Shropshire, Telford and Wrekin Integrated Care System (ICS) for failing to respond to a Freedom of Information (FOI) request within the statutory 20-day period. The ICO requires the ICS to provide a response to the complainant within 30 calendar days.
ICO Decision on Southern Water EIR Request
The UK's Information Commissioner's Office (ICO) issued a decision regarding Southern Water's handling of an Environmental Information Regulations (EIR) request. While Southern Water was permitted to withhold some information related to a sewer level monitor, the ICO found that the company failed to respond within the required statutory timescales.
Rotherham Council FOI Exemption Upheld by ICO
The UK's Information Commissioner's Office (ICO) has decided that Rotherham Metropolitan Borough Council correctly applied the section 43(2) exemption under the Freedom of Information Act (FOIA) to withhold information regarding operator costs at Forge Island. The ICO found that the public interest favoured maintaining this exemption.
AEPD Finds RUBICOR FITNESS Infringed GDPR Article 17
The Spanish Data Protection Agency (AEPD) has issued a resolution finding RUBICOR FITNESS in violation of GDPR Article 17 (Right to Erasure). The agency initiated proceedings after the complainant's request for erasure was not adequately addressed by the company. RUBICOR FITNESS failed to provide the required response and justification during the administrative process.
AEPD Spain: Appeal REPOSICION-PA-00034-2024 Inadmitted
The Spanish Data Protection Agency (AEPD) has inadmitted an appeal (REPOSICION-PA-00034-2024) filed by A.A.A. against a resolution dated January 16, 2026. The inadmission is based on the appellant's lack of standing as an interested party in the initiated procedure, as per Article 62.5 of the LPACAP.
EDPB Conference on GDPR, DMA, DSA Cooperation
The European Data Protection Board (EDPB) held a conference on March 17, 2026, discussing cross-regulatory cooperation between data protection authorities and those overseeing competition, the Digital Markets Act (DMA), and the Digital Services Act (DSA). Key takeaways included the need for aligned approaches between data protection and competition regulators, and the importance of coherent interpretation of the DMA and GDPR, as well as the DSA and GDPR.
ICO Decision Notice: Home Office FOI migrant stats upheld
The UK's Information Commissioner's Office (ICO) has upheld a complainant's appeal against the Home Office regarding a Freedom of Information (FOI) request for migrant arrival statistics. The ICO ruled that the Home Office improperly withheld information under the personal data exemption.
ICO Decision: HMRC FOI Request - Statutory Prohibition Upheld
The UK's Information Commissioner's Office (ICO) has issued a decision regarding a Freedom of Information (FOI) request made to HM Revenue and Customs (HMRC). The ICO upheld HMRC's decision to withhold certain information based on section 44(1) of the FOIA, which concerns statutory prohibitions on disclosure.
Bridgend Council FOI Complaint Upheld by ICO
The UK's Information Commissioner's Office (ICO) has upheld a complaint against Bridgend County Borough Council for failing to respond to a Freedom of Information (FOI) request within the statutory 20 working days. The council has been directed to provide a substantive response to the request.
ICO Upholds FOI Complaint Against London Borough of Enfield for Delayed Response
The UK's Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) complaint against the London Borough of Enfield. The ICO found that the council failed to respond to a complainant's information request within the statutory 20-working-day limit, breaching Section 10 of the Freedom of Information Act.
DAERA Decision on Freedom of Information and Data Protection Complaints
The ICO has issued a decision regarding complaints against the Department of Agriculture, Environment and Rural Affairs (DAERA) concerning freedom of information and data protection. DAERA was found to have breached EIR regulation 11(4) by failing to provide an internal review outcome within 40 working days, but was entitled to withhold certain commercial information.