IT Security & Privacy

On April 7, 2024, U.S. Senator Maria Cantwell (D-WA), Chair of the Senate Committee on Commerce, Science and Transportation, and U.S. Representative Cathy McMorris Rodgers (R-WA), Chair of the House Committee on Energy and Commerce, released a discussion draft of the American Privacy Rights Act (APRA). This bipartisan, bicameral draft legislation seeks to unify the fragmented landscape of sectoral-based and state-specific data privacy laws in the United States.

The data protection authorities of the United Kingdom and Canada have announced a collaborative investigation into the significant data breach at 23andMe, a leading global provider of direct-to-consumer genetic testing services.

The European Supervisory Authorities (ESAs) and the European Union Agency for Cybersecurity (ENISA) have signed a multilateral Memorandum of Understanding (MoU). This agreement formalizes ongoing discussions and sets the framework for strengthened cooperation and information exchange between the agencies.

The Office of the Australian Information Commissioner (OAIC) has filed civil penalty proceedings against Medibank Private Limited in the Federal Court, alleging serious privacy breaches related to the health insurer's massive data breach in October 2022.

Live Nation Entertainment, the global entertainment and ticketing giant, has fallen victim to a cyber attack where company data was accessed and stolen by a criminal hacker. The company disclosed the incident in a regulatory filing.

As organizations increasingly rely on software-as-a-service (SaaS) solutions to power their operations, the need to secure sensitive data has become paramount. While SaaS providers offer convenience and scalability, they often fall short in providing robust data protection measures, leaving the onus on businesses to safeguard their critical information.

The escalating cybersecurity threat environment is keeping compliance professionals on their toes, according to the latest Wall Street Journal survey. An overwhelming majority of companies (90%) reported an increase in cybersecurity risks over the past year, with nearly half describing the risk as having shot up substantially.