Issue 197


  • UK’s Information Commissioner (ICO) entered into Memorandum of Understanding with Japan’s Personal Information Protection Commission focused on data protection.
  • ICO announced that it had issued a reprimand to Optionis Group Limited, for violations of the UK General Data Protection Regulation, following a data breach.
  • European Data Protection Board adopted an opinion on the Proposal for a Regulation on the establishment of the digital euro, jointly with the European Data Protection Supervisor.
  • The French data protection authority launched a public consultation on creation of datasets for the development of artificial intelligence systems.


  • New York State Attorney General published an Assurance of Discontinuance, in which it came to a settlement of USD 350,000 with Personal-Touch Holding Corp., a healthcare company, for violations of the Health Insurance Portability and Accountability Act of 1996, following a data breach.
  • USA’s Cybersecurity and Infrastructure Security Agency published an update to the joint Secure by Design guidance titled, ‘Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software.
  • Canada’s Office of the Privacy Commissioner released two companion documents supporting its resolution on youth privacy.


  • Australian Communications and Media Authority imposed a fine of AUD 515,040 on Ticketek Pty Ltd for violations of the Spam Act 2003.
  • South Korea’s Personal Information Protection Commission announced the publication of its guidelines on standards for disciplinary action for violations of personal information protection laws.
  • Indian Computer Emergency Response Team published a whitepaper titled ‘API Security: Threats, Best Practices, Challenges, and Way forward using AI.’