Searching in Data Privacy & Cybersecurity · Search everything
18 changes Data Privacy & Cybersecurity
ISO 20022 CBPR+ Address Structuring Deadline November 2026
SWIFT announced that the CBPR+ ISO 20022 migration achieved 97% adoption as of November 2025. A new requirement mandates removal of unstructured postal addresses from CBPR+ payment messages by November 2026. After this date, only fully structured or hybrid postal addresses will be accepted; payments with non-compliant addresses may be rejected or delayed by PSPs. Standards Release 2026 Usage Guidelines were published February 20, 2026.
Queen Elizabeth Hospital NHS Trust Enforcement Action
The UK's Information Commissioner's Office (ICO) has taken enforcement action against Queen Elizabeth Hospital King's Lynn NHS Foundation Trust. This action involves an enforcement notice, indicating a significant regulatory finding related to data protection practices within the Trust.
University Hospitals Birmingham NHS Trust Enforcement Action
The UK's Information Commissioner's Office (ICO) has issued an enforcement notice against University Hospitals Birmingham NHS Foundation Trust. The notice details breaches of data protection law, requiring the Trust to take specific actions to rectify the issues.
ICO fines TMAC Ltd £100,000 for PECR breaches
The UK's Information Commissioner's Office (ICO) has fined TMAC Ltd £100,000 for breaches of the Privacy and Electronic Communications Regulations (PECR). The company made over 260,000 unsolicited marketing calls to individuals registered on the Telephone Preference Service and failed to provide required caller information.
ISO 20022: Removal of Unstructured Addresses by November 2026
SWIFT has announced that unstructured postal addresses will be removed from ISO 20022 payment messages by November 2026. This change, driven by community request, aims to improve data quality, enable greater automation, and enhance compliance screening in cross-border payments.
ICO Fines Reddit for UK GDPR Violations
The UK's Information Commissioner's Office (ICO) has fined Reddit, Inc. £14.4 million for violating UK GDPR. The penalty stems from failures in age assurance mechanisms and data protection impact assessments, which unlawfully processed children's data and potentially exposed them to harmful content.
Cumbria Constabulary Information Notice
The Information Commissioner's Office (ICO) has issued an information notice to the Chief Constable of Cumbria Constabulary. This notice requires the Constabulary to provide specific information related to an ongoing investigation.
Data Theft Conviction: Munro and Chipoma Sentenced
The ICO has announced the sentencing of Christopher Munro and William Chipoma for data theft and sale, involving over 400 UK garages. Both individuals received suspended prison sentences and community service after pleading guilty to offenses under the Computer Misuse Act and Data Protection Act 1998.
ICO Enforcement Action Against North Tees NHS Trust
The UK's Information Commissioner's Office (ICO) has issued an enforcement notice against North Tees and Hartlepool NHS Foundation Trust. This action follows an investigation into a data breach, with the ICO mandating specific corrective actions.
City of London Police Reprimanded for Data Protection Failures
The UK's Information Commissioner's Office (ICO) has issued a reprimand to the Commissioner of Police for the City of London for failing to respond to Subject Access Requests (SARs) within statutory timeframes. This action highlights data protection obligations for law enforcement agencies.