EU & UK
- The European Data Protection Board adopted the Guidelines on the technical scope of Article 5(3) of the Directive on Privacy and Electronic Communications, during its 87th plenary meeting.
- UK’s Information Commissioner’s Office published the findings of its assessment of the data protection practices of the UK private investigation and tracing agent sector.
- UK’s Information Commissioner’s Office launched a public consultation on its guidance on transparency in the health and social care sector.
- The European Parliament announced the adoptions of the Data Act, which now awaits formal approval by the Council of the European Union to become law.
- The European Data Protection Supervisor signed a Memorandum of Understanding with UK’s Information Commissioner’s Office, reinforcing their shared aim to safeguard individuals’ data and privacy rights.
- New York Attorney agreed to a settlement of USD 450,000 with US Radiology Specialists, Inc., for violations of the Executive Law and the General Business Law, following a data breach.
- Cybersecurity and Infrastructure Security Agency announced the release of its first Roadmap for Artificial Intelligence.
- Office of Privacy and Civil Liberties announced the first panel of judges appointed to the Data Protection Review Court.
- Governor of New York announced proposed cybersecurity regulations for hospitals to help safeguard healthcare networks and systems, as a complement to the Health Insurance Portability and Accountability Act of 1996.
- The California Privacy Protection Agency released a revised draft Cybersecurity Audit Regulations.
INDIA AND ASIA PACIFIC
- Office of the Australian Information Commissioner commenced a civil penalty proceeding in the Federal Court against Australian Clinical Labs Limited for breach of the Privacy Act 1988, following a data breach.
- Thailand’s Personal Data Protection Committee released draft regulations on international data transfers for public consultation.
- Reserve Bank of India published a Master Direction on Information Technology Governance, Risk, Controls, and Assurance Practices, that will come into effect from April 1, 2024.
- Singapore’s Personal Data Protection Commission issued a fine of SGD 10,000 to Ascentis Pte. Ltd., for violation of the Personal Data Protection Act, following a security incident.
- China’s National Information Security Standardization Technical Committee requested public comments on the draft Cybersecurity Standard Practice Guidelines – Guangdong-Hong Kong-Macau Greater Bay Area Cross Border Personal Information Protection Requirements.
Read our digital newsletter here.