IT Security & Privacy

ICO Reprimands Labour Party for Data Privacy Violations

The Information Commissioner's Office (ICO) has issued a formal reprimand to the UK Labour Party for repeatedly failing to respond to subject access requests (SARs) within the legally mandated timeframe. This action follows an investigation prompted by over 150 complaints received by the ICO between November 2021 and November 2022.

Uber Fined €290 Million by Dutch DPA for Data Transfers to the U.S.

The Dutch Data Protection Authority (DPA), in cooperation with the French data protection authority CNIL, has imposed a colossal €290 million fine on Uber B.V. and Uber Technologies Inc. The penalty, announced on August 26, 2024, stems from Uber's unauthorized transfer of European drivers' personal data to the United States without implementing sufficient safeguards—a violation of the General Data Protection Regulation (GDPR).

DOJ Sues Georgia Tech for Alleged Cybersecurity Violations in Defense Contracts

The United States Department of Justice (DOJ) has joined a whistleblower lawsuit against the Georgia Institute of Technology (Georgia Tech) and its affiliate, Georgia Tech Research Corporation (GTRC), alleging significant cybersecurity violations in connection with Department of Defense (DoD) contracts.

Texas AG Sues GM Over Alleged Unlawful Collection & Sale of Driver Data, Raising Compliance Concerns

Texas Attorney General Ken Paxton has filed a lawsuit against industry titan General Motors (GM) over the company's alleged unlawful collection and sale of driver data. This action comes as part of a broader data privacy and security initiative launched by Paxton to aggressively enforce Texas privacy laws.

ICO Unveils Easy-to-Use Privacy Notice Generator to Aid Small Businesses' Data Compliance

The UK's Information Commissioner's Office (ICO), the independent regulator for data protection and information rights, has launched a new online tool to simplify privacy notice creation for small businesses.

Spanish Data Protection Agency Initiates Sanction Procedure Against Uniqlo Europe

The Spanish Data Protection Agency (AEPD) has launched a sanction procedure against Uniqlo Europe, Ltd, Spanish Branch, following a significant data breach that occurred in August 2022. The incident came to light when a former employee filed a complaint on March 31, 2023, reporting that they had received an email containing a PDF with the payroll information of 447 Uniqlo workers.

APRA Issues Guidance on Cyber Control Weaknesses

The Australian Prudential Regulation Authority (APRA) has released a new set of insights regarding common cyber control weaknesses observed among regulated entities. This guidance is part of APRA’s continued effort to bolster cyber resilience across the financial sector, which includes banks, superannuation funds, and insurance companies. The latest communication builds on APRA’s previous focus on data backup security and highlights critical areas where many institutions fall short.