California State Assembly member, Josh Lowenthal, introduced Assembly Bill (AB) 566 on February 12, 2025, backed by the California Privacy Protection Agency (CPPA). The bill aims to empower Californians with a simple, one-step tool to manage their digital privacy—requiring web browsers and mobile operating systems to provide users with an easy opt-out option for sharing their personal data.
A data breach is never just a technical mishap, it’s a disruption that threatens both trust and personal rights. For those tasked with managing personal data, the Federal Data Protection Act (FADP) lays out clear—but complex—guidelines on how to handle such breaches. Article 24 of the FADP is especially crucial, detailing the responsibilities of data controllers when security incidents occur. Here’s a rundown of how data controllers can navigate these waters, ensuring they’re both compliant and proactive.
The Personal Information Protection Commission (PIPC) is gearing up for a busy 2025. At its second plenary meeting, the Commission outlined its investigative goals for the year, emphasizing both strict oversight of privacy practices and a more supportive, growth-friendly environment for businesses. Whether it’s diving deep into sectors closely tied to people's daily lives or making sure that emerging technologies like AI don’t compromise personal privacy, the PIPC is taking a multifaceted approach to privacy protection this year.
The reality of cybersecurity risks has hit home for many licensed corporations (LCs) in Hong Kong. The Securities and Futures Commission (SFC) recently unveiled findings from its latest 2023/24 Thematic Cybersecurity Review, shedding light on the alarming rise of material cybersecurity incidents in recent years. And the results? Not pretty.
In December 2024, Valio, Finland’s iconic dairy company, made an announcement that a personal data breach had compromised the personal information of a significant portion of their workforce. Fast forward to January 2025, and the situation has escalated. The breach, initially thought to be limited in scope, now affects far more people than originally estimated. And the authorities? They’re all over it
Another day, another data breach—this time, it's Grubhub in the hot seat. The food delivery giant has disclosed a cybersecurity incident that compromised sensitive information belonging to customers, merchants, and drivers. The breach, linked to a third-party service provider, raises pressing concerns about supply chain security in the gig economy and highlights yet again how cybercriminals continue to exploit vulnerabilities in widely used platforms.
If there’s one thing we’ve learned in the AI gold rush, it’s that innovation often outpaces security. Case in point, DeepSeek, a rising star in the AI space, just found itself in the hot seat after a major security lapse exposed a publicly accessible database filled with sensitive information. And when we say sensitive, we’re talking chat logs, API keys, backend details—essentially, the crown jewels of its operation.