Skip to content

menu

HomeAboutContact

Search

Close

Enter Search Terms

Compliance and risk managementRegulatory responseData breachCybersecurity

Current Page:View topics Archives

Data Protection Report

Data protection legal insight at the speed of technology

Topics

Artificial Intelligence

When AI becomes the cyber attacker: Mythos and what comes next Colorado AI Act: DOJ Steps In As X.AI Suit Pauses How to approach governance of AI agents

Australian privacy reform

Australian Privacy Alert: Parliament passes major and meaningful privacy law reform

BIPA

BIPA damages accrue per transaction BIPA and the record retention requirement Another Day, another large BIPA Settlement

CCPA

Getting ready for California’s new cybersecurity audit requirements Partial compliance is noncompliance: Lessons from California’s $2.75 million settlement with Disney California’s proposed cybersecurity audit regulation

Compliance and risk management

UK data protection complaints – new complaints handling obligations for controllers from 19 June Cybersecurity and Personal Data: The CNIL toughens its stance Tax authorities’ access to individuals’ banking data: the European Court of Human Rights sets privacy limits in the case of Ferrieri and Bonassisa v. Italy

COPPA

FTC’s COPPA Rule changes include AI training consent requirement FTC finalizes COPPA rule amendments

Cybercrime

Happy Cyber Awareness Month Dutch DPA publishes report on personal data breaches TR v Land Hessen – DPA not obliged to fine under the GDPR

Cybersecurity

NYDFS issues guidance “in a heightened cybersecurity environment”When AI becomes the cyber attacker: Mythos and what comes next NYDFS Cybersecurity Enforcement: US$2.25m Fine Against Delta Dental

Data breach

Changes to EU and UK data protection law – a tale of two GDPRs?California tightens data breach notification timelines, imposes 30-day notice requirement Dutch DPA publishes report on personal data breaches

Data protection

UK data protection complaints – new complaints handling obligations for controllers from 19 June Cybersecurity and Personal Data: The CNIL toughens its stance Agentic AI: the ICO’s early thoughts on the data protection implications

Data transfer

Pseudonymised data could fall outside data protection law – introducing the “means reasonably likely” assessment Lessons on international transfers to the US to organisations caught by the GDPR Thailand – The Regulation with respect to Cross-border Transfer of Personal Data

Dispute resolution and litigation

Protective order violations lead to sanctions in Uber MDL litigation TR v Land Hessen – DPA not obliged to fine under the GDPR US SEC charges SolarWinds and its CISO for alleged cybersecurity misstatements and controls failures

Enforcement

Online Safety Act: Protecting Children from Harmful Content Online – Ofcom’s Guidance on Age Assurance for Part 3 Services CSA releases guidance on the use of artificial intelligence in capital markets TR v Land Hessen – DPA not obliged to fine under the GDPR

Fintech

Can you access your outsourced data?CSA releases guidance on the use of artificial intelligence in capital markets FCA sets out plans to make Big Tech a priority and provides update on its approach to AI

General

FTC finalizes COPPA rule amendments New Horizons in Data Protection: Malaysia’s Personal Data Protection (Amendment) Act 2024 Minnesota enacts comprehensive privacy law

HIPAA

Navigating AI compliance with HIPAA essentials US Dept of Health proposes Security Rule amendments that includes new deadlines $3 million HIPAA Settlement

HIPPA

HHS updates online tracker guidance

Information governance

HHS and state AGs fine ambulance firm over $500,000, require enhanced security, privacy, and data minimization practices Celebrating Global Information Governance Day: Why information governance matters more than ever Happy Information Governance Day

Intellectual property

Generative AI: Updated global guide to key IP considerations Deal-maker or deal-breaker: the legal ins and outs of using AI in M&A Practical steps for businesses to comply with Bill C-27: part 2

M&A transactions

Integrating artificial intelligence in M&A processes: A new strategic era - Part 1: Leveraging AI and its advantages Deal-maker or deal-breaker: the legal ins and outs of using AI in M&A Privacy and Cybersecurity Due Diligence Considerations in M&A Transactions

Metaverse

Privacy in a Parallel Digital Universe: The Metaverse

NT Analyzer blog series

Partial compliance is noncompliance: Lessons from California’s $2.75 million settlement with Disney The California Privacy Protection Agency may be clicking through your website NT Analyzer can help determine “data broker” status under the new Bulk Data Transfer requirements

PDPA

Singapore proposes Governance Framework for Generative AI Singapore Releases Proposed Advisory Guidelines on Use of Personal Data in AI Recommendation and Decision Systems European Commission and ASEAN releases Guide to ASEAN Model Contractual Clauses and EU Standard Contractual Clauses

PHIPA

Ontario moves towards introducing new privacy law

PIPEDA

Federal Privacy Commissioner Published Guidance on What Is “Sensitive” Personal Information Privacy in a Parallel Digital Universe: The Metaverse Ontario moves towards introducing new privacy law

Privacy

UK data protection complaints – new complaints handling obligations for controllers from 19 June Tax authorities’ access to individuals’ banking data: the European Court of Human Rights sets privacy limits in the case of Ferrieri and Bonassisa v. Italy Privacy Day 2026: Why trust is the new competitive advantage

Privacy law

Tax authorities’ access to individuals’ banking data: the European Court of Human Rights sets privacy limits in the case of Ferrieri and Bonassisa v. Italy Agentic AI: the ICO’s early thoughts on the data protection implications The Healthline Order: Privacy law grows teeth

Ransomware

Dutch DPA publishes report on personal data breaches Rare recovery in a complex ransomware case: Major NetWalker arrest leads to significant asset seizure FTC Signals Additional Scrutiny for Data Breaches

Regulatory response

Agentic AI: the ICO’s early thoughts on the data protection implications Pseudonymised data could fall outside data protection law – introducing the “means reasonably likely” assessment Dutch DPA publishes report on personal data breaches

SHIELD Act

New York changes data breach law—in December and February Violation of HIPAA Security Rule = Violation of NY SHIELD Act

Uncategorized

NYDFS issues guidance “in a heightened cybersecurity environment”Is my use case a high-risk AI system? Applying the Commission’s guidelines and next steps Colorado’s new AI governance law

Vendor management and transactions

Regulators, including FCC, emphasize third party vendor cybersecurity monitoring requirements NYDFS releases guidance on third-party service provider risks Can you access your outsourced data?

Data Protection Report

Facebook Twitter RSS LinkedIn YouTube

Published by

DisclaimerPrivacy policy

About

More than a news source, the Data Protection Report provides thought leadership on emerging privacy, data protection and cybersecurity issues, and helps its readers proactively address risks and anticipate next steps in this crucial emerging field.

Topics

Select Category

Archives

Select Month

Copyright © 2026, Norton Rose Fulbright LLP. All rights reserved.