Your daily source for the most important privacy and data protection news from around the world.
OCR issues rule for reproductive health care under HIPAA
UK NCSC updates cyber assessment framework
The U.K. National Cyber Security Centre updated its cyber assessment framework to include a focus on critical infrastructure vulnerabilities. It now includes sections on remote access, privileged operations, user access levels and multifactor authentication.Full story...
IAB Europe responds to EDPB opinion on pay or consent
IAB Europe published a response to the European Data Protection Board's opinion on the legality of pay-or-consent models for obtaining valid consent to process personal data. IAB Europe said the opinion creates "legal uncertainty for many businesses beyond large online platforms" and the EDPB made "...
India plans post-election amendment to DPDPA's IT rules
Following India's election, the new government plans to introduce an amendment to information technology rules under the Digital Personal Data Protection Act, Business Standard reports. The amendment will reportedly address governance requirements for preventing misinformation created by artificial ...
New CPPA Board member appointed
The California State Senate Committee on Rules appointed Drew Liebert, an attorney who most recently served as the Senate majority leader's chief of staff, to the California Privacy Protection Agency Board. Liebert replaces Lydia de la Torre, whose three-year term ended in March.Full story...
EDPB publishes 2023 Annual Report
The European Data Protection Board issued its 2023 Annual Report. The report contains recaps of the EDPB's adoption of two binding decisions, as well as its urgent binding decision to order Meta to cease all processing of personal data in the European Economic Area.Full story...
AI-generated CSAM may impact incident reporting
A report by Stanford University showed an increase in artificial intelligence-generated child sexual abuse material could overwhelm the National Center for Missing and Exploited Children's CyberTipline, The New York Times reports. Computer Scientist and adjunct professor at Stanford University Alex ...
CNIL publishes 2023 annual report
France's data protection authority, the Commission nationale de l'informatique et des libertés, issued its 2023 annual report, which indicated the regulator received 35% more complaints in 2023 from the general public than in 2022. The CNIL also saw increases in website traffic, particularly to its ...
Companies face US class-action lawsuits after data breaches
Class-action lawsuits were filed against AT&T, Change Healthcare, GardaWorld, SouthState Bank, WellNow Urgent Care, The Aspen Group, Golden Corral and American Vision Partners following data breaches, Top Class Actions reports. The lawsuits claim the companies failed to implement appropriate saf...
Report shows decreased ransomware payments
A report by cybersecurity company Coveware found only 28% of companies paid ransomware groups in the first quarter of 2024, Bleeping Computer reports. The average ransomware payment decreased from USD568,705 in 2023 to USD381,980 in 2024. Coveware said some companies have enhanced their cybersecurit...
Recent Comments