Searching in Data Privacy & Cybersecurity · Search everything
703 changes Data Privacy & Cybersecurity
Error Processing Request - Document Not Found
The US Federal Government's regulations.gov website is experiencing an error, preventing access to a specific document. The error message indicates a potential issue with the link or the document's availability, and users are advised to check the URL or contact the Help Desk.
Request for Information on Open-Source Software Security
The Office of the National Cyber Director has issued a Request for Information regarding open-source software security. The agency is seeking input on long-term focus areas and prioritization for enhancing the security of open-source software. Comments are due by October 9, 2023.
Request for Information on Cyber Regulatory Harmonization
The Office of the National Cyber Director has issued a Request for Information (RFI) seeking public input on opportunities and obstacles related to harmonizing cybersecurity regulations across various sectors. The RFI aims to gather insights to improve the efficiency and effectiveness of the nation's cybersecurity regulatory landscape.
NISPPAC Meeting Notice
The Information Security Oversight Office has published a notice announcing a meeting of the National Industrial Security Program Policy Advisory Committee (NISPPAC). The meeting is scheduled for July 18, 2019. This notice serves to inform relevant parties of the upcoming meeting details.
Classified National Security Information Rule
The Information Security Oversight Office published a final rule concerning classified national security information. This rule amends 32 CFR 2001 and is effective May 9, 2022, with a comment deadline of April 28, 2022.
State, Local, Tribal, and Private Sector Policy Advisory Committee Meeting
The Information Security Oversight Office announced a meeting for the State, Local, Tribal, and Private Sector Policy Advisory Committee (SLTPS-PAC). The meeting is scheduled for January 29, 2020, and will cover policy discussions relevant to these sectors.
NISPPAC Meeting Notice
The Information Security Oversight Office has published a notice announcing a meeting of the National Industrial Security Program Policy Advisory Committee (NISPPAC). The meeting is scheduled for November 20, 2019. This notice serves to inform the public about the upcoming committee session.
State, Local, Tribal, Private Sector Policy Advisory Committee Meeting Announced
The Information Security Oversight Office announced a meeting of the State, Local, Tribal, and Private Sector Policy Advisory Committee (SLTPS-PAC). The meeting is scheduled for July 24, 2019. This notice serves to inform relevant parties of the upcoming session.
NJ Scrap Tire Act Privacy Concerns
New Jersey's Scrap Tire Act, effective January 20, 2026, mandates electronic tracking of scrap tires, potentially conflicting with existing privacy laws. Businesses face criminal liability if tracking violates employee privacy statutes, creating a compliance paradox.
Privacy Commissioner Reports 2025 Work and Data Security Incidents
The Office of the Privacy Commissioner for Personal Data (PCPD) reported on its 2025 activities, including a 23% increase in complaints and a 21% rise in data breach notifications. The PCPD also intervened in three data security incidents and conducted 435 compliance checks.
Hong Kong PCPD Arrests Two for Suspected Doxxing
The Hong Kong Office of the Privacy Commissioner for Personal Data (PCPD) arrested two men for suspected doxxing and disclosure of personal data without consent, in contravention of the Personal Data (Privacy) Ordinance. The arrests stem from a monetary dispute where personal data and family photos were posted online.
Privacy Commissioner Warns of Construction Worker Recruitment Fraud
The Hong Kong Privacy Commissioner's Office issued a warning regarding fraudulent recruitment advertisements targeting construction workers. The office received 42 complaints in two weeks involving scams that requested sensitive personal data, including construction site "Three Essentials." The PCPD urges vigilance and provides guidance on safeguarding personal data during job applications.
AI Security and Cybersecurity Summit for Enterprises Registration Open
The Office of the Privacy Commissioner for Personal Data (PCPD) and HKIRC are co-organising an AI Security and Cybersecurity Summit for Enterprises on March 31, 2026. Registration is now open for organizations to address AI security and cybersecurity risks. The event aims to raise awareness and readiness among businesses, including SMEs.
Global Privacy Authorities Joint Statement on AI-Generated Imagery
The Office of the Privacy Commissioner for Personal Data (PCPD) and 60 other global privacy authorities have issued a joint statement expressing concern over AI-generated imagery and its potential for harm. The statement urges organizations to develop and use AI content generation systems lawfully, with specific measures to protect data subjects, particularly children.
AI Chatbots Provide Biased Voting Advice, Ignoring Local Parties
The Dutch Data Protection Authority (AP) released a study showing AI chatbots rarely recommend local political parties when providing voting advice. The AP warns that this bias makes chatbots unreliable voting aids and calls on providers to implement measures to prevent their systems from being used for voting advice, especially in light of the EU AI Act.
Data Breach Decision Highlights Security Lapses
The Singapore Personal Data Protection Commission (PDPC) issued a decision regarding a data breach affecting 665,000 individuals due to system misconfiguration. The case highlights lapses in security practices and emphasizes the need for robust technical and governance measures.
Ransomware Incident Data Breach and Security Lapses
Singapore's Personal Data Protection Commission issued a decision regarding a ransomware incident affecting 39,000 individuals' data due to security lapses. Three separate undertakings were also accepted for similar incidents. The Commission directed the organization to strengthen its security posture and highlighted key takeaways for all organizations to prevent future breaches.
PDPC Steps Up NRIC Misuse Enforcement and Issues New Advisory
The Singapore Personal Data Protection Commission (PDPC) is stepping up enforcement against private organizations misusing NRIC numbers for authentication starting January 1, 2027. New advisories are also being issued to guide organizations on data protection lapses and recommend more secure authentication methods.
Data Protection Breaches Result in Financial Penalties
Singapore's Personal Data Protection Commission issued financial penalties to four organizations for data protection breaches affecting over 1 million individuals. These breaches stemmed from inadequate security measures, including poor patch management and lack of data protection policies. An additional organization committed to an undertaking following a ransomware attack.
PDPC Publishes Four Undertakings on Ransomware and Unauthorized Access
Singapore's Personal Data Protection Commission (PDPC) has published four undertakings from organizations that experienced ransomware attacks and unauthorized access. These undertakings detail remediation measures to strengthen cybersecurity defenses and data protection practices.
Privacy Commissioner Statement on Bunnings Facial Recognition Decision
The Australian Privacy Commissioner has issued a statement regarding the Administrative Review Tribunal's decision on Bunnings' use of facial recognition technology. The statement clarifies that while the Tribunal allowed Bunnings to use the technology for specific crime prevention purposes, significant privacy safeguards and notification requirements remain crucial.
Cambridge Analytica Payment Program Registration Deadline
Eligible Australian Facebook users impacted by the Cambridge Analytica matter must register for a payment program by December 31, 2025. The program, established by Meta Platforms as part of an enforceable undertaking with the Australian Information Commissioner, offers payments to over 300,000 affected individuals.
OAIC Statement on Bunnings Facial Recognition Technology Decision
The Australian Information Commissioner (OAIC) issued a statement regarding the Administrative Review Tribunal's decision on Bunnings' use of facial recognition technology (FRT). The Tribunal affirmed findings that Bunnings contravened privacy principles by failing to provide adequate notice and conduct a formal risk assessment for its FRT system.
OAIC Highlights Improved Transparency in Government Automated Decision-Making
The Australian Information Commissioner (OAIC) has released a report highlighting opportunities for government agencies to improve transparency in automated decision-making (ADM). The report follows a review of 23 agencies and identifies a significant gap in public disclosure of ADM use, with only 17% of agencies disclosing it.
Hungarian Information Rights System 30th Anniversary Celebration
The Hungarian data protection authority celebrated the 30th anniversary of the country's information rights system with an international conference on September 17, 2025. The event reviewed past achievements, challenges, and future tasks in data protection and freedom of information.
Hungary Ratifies Council of Europe Convention 108+
Hungary has become the 30th party to ratify the Council of Europe's Convention 108+, an international treaty concerning data protection. This action signifies Hungary's commitment to aligning its data protection laws with international standards.
NAIH launches AWARE project for GDPR awareness
The National Authority for Data Protection and Freedom of Information (NAIH) has launched the EU-funded AWARE project to increase GDPR awareness among micro and small enterprises, particularly in the beauty and private healthcare sectors. The project will run from 2025 to 2027 and includes research, an information website, webinars, and training.
Publication Obligation for Public Data Registry and Transparency Procedure
Hungary's National Authority for Data Protection and Freedom of Information has issued a notice regarding a new publication obligation for budgetary organs. All budgetary organs, except national security services, must publish financial management data bi-monthly on a new online platform, with potential fines for non-compliance.
Hungarian Data Protection Authority Launches Freedom of Information Development Project
The Hungarian National Authority for Data Protection and Freedom of Information has launched a development project funded by an EU grant to enhance the enforcement of freedom of information. The project aims to investigate current practices, identify obstacles, and develop proposals for optimisation.
Real Estate Agency Fined 100,000 EUR
The Croatian Personal Data Protection Agency (AZOP) has fined a real estate agency 100,000 EUR for violations related to data protection. The agency also announced a conference on Data Protection in AI Systems.
Real Estate Agency Fined for GDPR Violations
The Croatian Personal Data Protection Agency has fined a real estate agency EUR 100,000.00 for processing personal data in violation of the General Data Protection Regulation (GDPR). The agency acted as a controller in this case.
Real Estate Agency Fined EUR 100,000 for GDPR Violations
The Croatian Personal Data Protection Agency has fined a real estate agency EUR 100,000 for violating GDPR provisions. The agency acted as a controller and processed data contrary to the regulation.
Croatian Data Protection Agency Fines Real Estate Agency
The Croatian Personal Data Protection Agency has imposed a EUR 100,000 fine on a real estate agency for processing personal data in violation of the GDPR. The agency acted as a data controller and processed data contrary to the regulation's provisions.
Real Estate Agency Fined EUR 100,000 for GDPR Violations
The Croatian Personal Data Protection Agency has imposed a EUR 100,000 fine on a real estate agency for processing personal data in violation of the General Data Protection Regulation. This action highlights the agency's commitment to enforcing data protection laws.
Data Protection Authorities of Slovakia and Austria Meet
Data protection authorities from Slovakia and Austria met on December 10, 2025, in Bratislava to discuss cooperation and upcoming regulatory changes, including GDPR amendments and new EU digital laws. This meeting follows previous bilateral and regional discussions.
Irish and Austrian Data Protection Authorities Meeting
The Austrian Data Protection Authority hosted officials from the Irish Data Protection Commission for a meeting on January 13, 2026. The meeting aimed to discuss matters of mutual interest and further strengthen the close cooperation between the two regulatory bodies, particularly concerning cross-border data protection cases.
Data Protection Authority Joint Database Launched
The Austrian Data Protection Authority and the Parliamentary Committee for Data Protection (PDK) have launched a joint database for their decisions within the legal information system (RIS). This new application, named 'Datenschutz-Aufsichtsbehörden', aims to streamline access to data protection rulings.
Data Protection Authority 2026 Focus Audits on Processing Security
The Austrian Data Protection Authority (DSB) announced its 2026 focus audits will target processing security under Article 32 GDPR. Procedures against selected controllers and processors are scheduled to begin in March 2026, with a second part announced in June 2026.
DSB Circular on Freedom of Information Act
The Austrian Data Protection Authority (DSB) issued a supplementary circular on December 12, 2025, regarding the Freedom of Information Act. This circular clarifies a previous communication, adjusting a reporting deadline for data submissions.
Seminar on Privacy Risks from Personal Data Processing
The Hellenic Data Protection Authority and the University of Piraeus are organizing an online seminar on privacy risks associated with personal data processing, particularly concerning Artificial Intelligence. The seminar is part of the byRisk project and is open to the general public.
Hellenic Data Protection Authority Holds Dialogue Day with Research Community
The Hellenic Data Protection Authority (HDPA) successfully held its "1st Dialogue Day with the Research Community" on October 1, 2025. The event focused on strengthening cooperation with academic and research institutions on data protection issues, including AI applications and privacy-friendly digital wallets.
byRisk Project Newsletter 2 Supports SMEs with Data Protection Risks
The Hellenic Data Protection Authority has released the second newsletter for the European byRisk project, which aims to support small and medium-sized enterprises (SMEs) in identifying and analyzing data protection risks. This issue details project progress, including risk categorization and the design of a new risk assessment tool.
Hellenic DPA Information Day 2026 on Data Protection and AI
The Hellenic Data Protection Authority (HDPA) held an Information Day on Data Protection Day 2026, discussing the GDPR, the proposed AI Act, and the HDPA's role. The event highlighted the need for effective implementation of regulations and adequate resources for the HDPA.
Hellenic DPA byRisk Project: Data Protection for SMEs and Public Awareness
The Hellenic Data Protection Authority has launched the byRisk project, co-funded by the European Commission, to support SMEs in data protection risk assessment and raise public awareness. The project aims to develop tools for SMEs and the general public, with pilot operations expected by March 2026 and an international conference planned for October 2026.
Data Protection Basics Training Session
The CNPD of Luxembourg is offering a free 'Data Protection Basics' training session in French on June 16, 2026. The 5-hour session is designed for individuals new to data protection and aims to explain the core principles of the RGPD. Registration is required via email.
Data Protection Basics Training - RGPD Introduction
The CNPD (Luxembourg's data protection authority) is offering a 5-hour introductory training session on data protection basics and the RGPD. The training is aimed at individuals new to data protection and will be held in French on April 14, 2026, in Belval.
CNPD AI Data Protection Training Session
The CNPD is offering a 4-hour in-person training session on Data Protection Basics: Artificial Intelligence. The training aims to help participants understand the challenges of AI concerning data protection and the GDPR, and is scheduled for May 5, 2026.
CNPD Workshop on DAAZ Diploma Ceremony
The CNPD is hosting a workshop and DAAZ diploma ceremony on April 29, 2026, in Luxembourg. The event aims to provide feedback on a previous workshop and recognize participants' achievements in the DAAZ tool.
CNPD AI Data Protection Training Session
The CNPD is offering a 4-hour in-person training session on Data Protection Basics: Artificial Intelligence. The session, held on April 7, 2026, aims to explain the challenges of AI in relation to data protection and the GDPR.
CJEU Judgment: Online Marketplace Operator as Data Controller
The Court of Justice of the European Union ruled in Case C-492/23 that an online marketplace operator is a data controller under GDPR. The operator must identify and verify sensitive data in advertisements before publication and obtain explicit consent.