GRC Report Staff

Swiss FDPIC Publishes New Guidelines on Data Breaches

A data breach is never just a technical mishap; it’s a disruption that threatens both trust and personal rights. For those tasked with managing personal data, the Federal Data Protection Act (FADP) lays out clear—but complex—guidelines on how to handle such breaches. Article 24 of the FADP is especially crucial, detailing the responsibilities of data controllers when security incidents occur. Here’s a rundown of how data controllers can navigate these waters, ensuring they’re both compliant and proactive.

NTEU Files Lawsuits to Block CFPB Shutdown & Safeguard Employee Privacy

The National Treasury Employees Union (NTEU) has filed two lawsuits in response to recent executive actions that it argues threaten both the continued operation of the Consumer Financial Protection Bureau (CFPB) and the privacy of its employees. The lawsuits, filed on February 10, 2025, highlight concerns over the impact of these measures on both the agency's mission and the personal security of its workforce.

SEC’s Climate Disclosure Rule Faces Uncertain Future as Uyeda Calls for Delay

The battle over the SEC’s climate disclosure rule has entered a new phase, and the winds are shifting—this time, away from the aggressive push for federal mandates. On February 11, Acting SEC Chair Mark Uyeda signaled a significant change by requesting that a federal appeals court delay oral arguments in the ongoing lawsuit against the rule. This request is just the latest in a series of developments that point to a deepening uncertainty about the future of the rule, which mandates that companies disclose climate-related risks to investors.

FTC Takes a Stand Against DoNotPay’s “AI Lawyer” Claims

In a world where AI promises seem to be becoming as frequent as pop-up ads, the FTC’s decision to take on DoNotPay is a notable one. The company, which once boasted about offering “the world’s first robot lawyer,” has now been forced to face the music for its misleading marketing. The Federal Trade Commission has finalized an order against DoNotPay, following an investigation that questioned the legitimacy of their AI-powered legal services.

South Korea’s PIPC Sets Privacy Agenda for 2025 with Stricter Oversight

The Personal Information Protection Commission (PIPC) is gearing up for a busy 2025. At its second plenary meeting, the Commission outlined its investigative goals for the year, emphasizing both strict oversight of privacy practices and a more supportive, growth-friendly environment for businesses. Whether it’s diving deep into sectors closely tied to people's daily lives or making sure that emerging technologies like AI don’t compromise personal privacy, the PIPC is taking a multifaceted approach to privacy protection this year.

Fed Chair Powell in Congressional Testimony: CFPB Sole Agency for Consumer Protection Enforcement

In his testimony before the Senate Banking Committee on Tuesday, Federal Reserve Chairman Jerome Powell faced a question that has been on the minds of many: What happens if the Consumer Financial Protection Bureau (CFPB), a critical agency tasked with consumer protection, faces diminished funding or is otherwise hindered in its operations?

EBA Refines Guidelines to Align with DORA, Bringing Clarity to ICT Risk Management

As of 17 January 2025, the Digital Operational Resilience Act (DORA) has officially begun to reshape how the financial sector addresses ICT risk management. In response, the European Banking Authority (EBA) has made a series of key adjustments to its Guidelines on ICT and security risk management. These revisions, aimed at cutting down on duplication and creating clearer expectations for the market, help ensure that financial institutions aren’t bogged down by overlapping regulations.