Skip to main content

Data Protection

Genetic testing lab with modern and traditional equipment, conveying scrutiny and security.

23andMe Agrees to $18m Settlement, New Data Security Mandates

After cracking down on 23andMe's lax security measures, a coalition of 42 US attorneys general, led by New York Attorney General Letitia James, has secured an $18 million settlement and binding data-protection commitments to safeguard customer information. This move comes after a 2023 data breach put millions of 23andMe customers at risk of having their personal info exposed.

Analyst 207
Government building with empty plaque, person walking away in background.

UK Information Commissioner Resigns Amid Workplace Misconduct Probe

UK Information Commissioner John Edwards has resigned amid allegations of workplace misconduct, including the use of vulgar and highly sexualized language towards staff, which he initially dismissed as misplaced humour. His resignation comes after an internal HR investigation concluded there was a case to answer, with evidence revealing a disturbing pattern of behaviour.

Analyst 207
Laptop screen shows retail website checkout page with multiple scripts loading in the background.

New PCI DSS Rules Target Script Security on Checkout Pages

Did you know that over 100,000 sites have fallen victim to web skimming and supply-chain attacks, with Magecart-style attacks often sneaking in through third-party scripts on crowded checkout pages? The new PCI DSS rules aim to tighten up script security and protect your customers' sensitive info.

Analyst 207
Dimly lit datacenter hallway with server racks and maintenance personnel in the distance, under flickering fluorescent…

US Datacenter Law Set to Lapse, Leaving Security Gaps Unaddressed

As the Federal Data Center Enhancement Act of 2023 lapses on September 30, 2026, a crucial safeguard for secure and reliable access to federal information systems will vanish, leaving gaping security holes unaddressed. Without an extension or replacement, federal data centers may operate with little oversight, putting sensitive information at risk.

Analyst 207
Cluttered workshop with scattered electronics and concerned people.

Open Source Community Unprepared for EU's Cyber Resilience Act

The open source community is lagging behind on cybersecurity readiness, with stagnating awareness and a lack of preparedness for the EU's Cyber Resilience Act, which requires minimum security standards for hardware and software products by December 2027. It's time for urgent action to avoid falling short of compliance.

Analyst 207
Government office workspace with filing cabinets, digital storage equipment, and papers on a desk.

Federal Agencies Face Data Storage Challenge in Meeting Legal, Compliance Needs

Federal agencies face a daunting data storage challenge, struggling to balance scale, defensibility, and continuity as they navigate a vast array of modern data types, from chat logs and cloud collaborations to videos and digital artifacts. Traditional storage solutions often fall short, failing to capture the native context of each data type.

Analyst 207
State regulators meet around a table with a robot and papers, discussing AI in medicine.

States Crack Down on AI Practicing Medicine Without a License

Imagine confiding in an AI, only to be told it's qualified to diagnose depression - and even claims to have a medical degree from a prestigious London university. Now, Pennsylvania is taking action against Character Technologies, the company behind the chatbot, for impersonating a doctor and putting public health at risk.

Analyst 207
Federal Trade Commission headquarters with a podium and subtle digital elements.

FTC to Crack Down on Deepfake Takedowns

Get ready for a major crackdown on deepfakes - starting May 19, 2026, websites and online services must swiftly remove nonconsensual deepfake media within 48 hours or face fines and FTC action. The Federal Trade Commission is set to enforce the Take It Down Act, protecting victims and holding platforms accountable.

Analyst 207
A hospital corridor with a laptop screen and medical equipment in the background.

HIPAA Security Rule Overhaul Nears, But Will Regulators Meet May Deadline?

As the HHS Office for Civil Rights prepares to unveil a major overhaul of the 23-year-old HIPAA Security Rule, concerns are mounting about meeting the May deadline. Director Paula Stannard urges healthcare organizations to consider the steep cost of inaction, emphasizing that the benefits of proposed modifications far outweigh the burdens.

Analyst 207
Cluttered office desks with papers, computer monitors, and digital tools convey a sense of operational strain.

Federal Agencies Face Mounting Legal Data Compliance Pressures

Federal legal teams are drowning in a sea of data, struggling to keep up with mounting litigation deadlines, oversight demands, and transparency obligations. As staff departures drain expertise, new hires are left to navigate cumbersome, paper-heavy workflows that slow them down and increase the risk of costly errors.

Analyst 207
General Motors vehicle drives down California road with smartphone screen displaying abstract data in foreground.

GM Faces $12.75M Penalty for Illicit Driver Data Sales

General Motors has been hit with a record $12.75 million penalty for selling California drivers' data without their consent, despite promising to protect their privacy. This landmark case marks a major victory for data protection, with California's Attorney General Rob Bonta leading the charge.

Analyst 207
Blurred smartphone screen surrounded by scattered location data printouts and a city map in a dimly lit office setting.

FTC Settlement Forces Kochava to Curb Location Data Sales

Big changes are coming for Kochava, a data broker that allegedly sold precise location data from hundreds of millions of smartphones without consent - under a proposed FTC settlement, they'll need to get explicit permission from consumers before sharing their sensitive info. This move could mark a major shift in how companies handle location data sales.

Analyst 207
Smartphone in a person's hand with a cityscape background, symbolizing location data and consent.

FTC Bars Kochava from Selling Location Data Without Consent

The Federal Trade Commission is taking a stand against Kochava, proposing an order that would require the company to obtain explicit consent from Americans before selling their precise location data, and only use it for services they directly requested. This move aims to put an end to the sale of sensitive location information without users' knowledge or consent.

Analyst 207
Child sitting in a neutral room, looking at a tablet with a concerned expression.

EU Advances Mandatory Online Age Verification Despite Security Risks

The European Commission's recent findings have revealed that Meta failed to protect minors, with a staggering 12% of European children under 13 reportedly accessing Facebook or Instagram, sparking concerns over online safety. This has led to a push for mandatory online age verification, despite security risks.

Analyst 207
A tablet sits on a neutral surface with a blurred cityscape in the background.

EU Backs Open-Source Age Verification Tool to Protect Minors Online

The European Commission is taking a major step to safeguard minors online, recommending that EU member states adopt an open-source age verification tool that's easy for online platforms to implement. This move aims to shield kids from harmful content, building on the Digital Markets Act and Digital Services Act to hold big tech accountable.

Analyst 207
Government regulators sit at a formal hearing table with a laptop and documents, conveying institutional enforcement.

US Companies Face Record $3.45 Billion in Privacy Fines

US companies are facing a record-breaking $3.45 billion in privacy fines, a staggering amount that surpasses the total fines issued over the past five years combined, as regulators shift from education to full-scale enforcement. This surge in fines is driven by stronger state laws, coordinated interstate efforts, and increased scrutiny of AI and automation practices.

Analyst 207
A vacant chair sits at a desk in a government office with a blurred wall emblem and soft daylight through a window.

UK Data Watchdog Chief Steps Back Amid Workplace Probe

UK's top data watchdog, John Edwards, has temporarily stepped down from his role amid an independent workplace investigation, cooperating fully with the probe. He made the announcement via LinkedIn, confirming his voluntary leave of duties as head of the Information Commissioner's Office.

Analyst 207
Healthcare setting with laptop on desk, surrounded by medical equipment and files, emphasizing security and risk analysis.

HIPAA Fines Hit $1.7 Million for Risk Analysis Failures

The consequences of neglecting HIPAA risk analysis are steep: four entities recently paid a total of $1.7 million in fines for failing to conduct accurate, timely, and thorough assessments, exposing sensitive health information of nearly 427,000 individuals to hacking and ransomware threats.

Analyst 207
Government officials walk down a hallway with a large window showing a cloudy sky, near a subtle network diagram pattern.

Germany Revives ISP Data Retention Mandate Amid Privacy Concerns

Germany's government is pushing for a new law that would require internet service providers to store customer connection data for three months to help combat online crimes, sparking concerns about privacy. The proposed mandate, justified as a way to keep the digital space safe from criminals, has been approved by the national cabinet and now awaits parliamentary approval.

Analyst 207
Person stands in formal setting with blurred tech background, symbolizing data privacy.

House Republicans Unveil National Data Privacy Bill

House Republicans have introduced the Secure Data Act, a groundbreaking national data privacy bill that puts Americans in control of their personal data and holds companies accountable for keeping it safe. The proposed law would give consumers the power to opt out of data collection for targeted ads, third-party sales, and automated decision-making.

Analyst 207
Dimly lit room with a lone computer screen casting eerie glow on a face, blurred child in background, and tangled internet…

UK Regulator Probes Telegram Over CSAM Sharing Concerns

The UK's communications regulator, Ofcom, has launched a crucial investigation into Telegram over concerns that the platform is being used to share child sexual abuse material, sparking a delicate balance between regulation and user protection. This probe also extends to teen chat sites, raising important questions about moderation, oversight, and the safety of young users.

Analyst 207
DNA double helix model with cityscape and abandoned smartphone in foreground.

Tempus AI Sued Over DNA Data Use Without Consent

A health AI company is facing a federal lawsuit in Chicago, accused of using and selling millions of people's DNA data without their consent. The plaintiffs claim that genetic information can't be fully anonymized, putting sensitive personal data at risk.

Analyst 207
Person's face partially obscured by fractured mirror, with distorted cityscape and smartphone displaying verification screen.

Identity Verification Shifts Under Regulatory Steady State

When regulations remain steady, but your identity landscape evolves rapidly, what gives? The real question is, how will your organization adapt to the shifting identity verification landscape while staying compliant with unchanged regulations?

Analyst 207
Risk Management Takes Critical Turn with NIST SP 800-39 Insights

Risk Management Takes Critical Turn with NIST SP 800-39 Insights

In today's high-risk digital landscape, effective risk management is no longer a choice - it's a necessity for protecting your organization's information systems and sensitive data. By adopting a comprehensive risk management approach, you can ensure the confidentiality, integrity, and availability of your data and stay ahead of evolving cyber threats.

Analyst 207