Issue 200


  • The European Data Protection Board adopted the Guidelines on the technical scope of Article 5(3) of the Directive on Privacy and Electronic Communications, during its 87th plenary meeting.
  • UK’s Information Commissioner’s Office published the findings of its assessment of the data protection practices of the UK private investigation and tracing agent sector.
  • UK’s Information Commissioner’s Office launched a public consultation on its guidance on transparency in the health and social care sector.
  • The European Parliament announced the adoptions of the Data Act, which now awaits formal approval by the Council of the European Union to become law.
  • The European Data Protection Supervisor signed a Memorandum of Understanding with UK’s Information Commissioner’s Office, reinforcing their shared aim to safeguard individuals’ data and privacy rights.


  • New York Attorney agreed to a settlement of USD 450,000 with US Radiology Specialists, Inc., for violations of the Executive Law and the General Business Law, following a data breach.
  • Cybersecurity and Infrastructure Security Agency announced the release of its first Roadmap for Artificial Intelligence.
  • Office of Privacy and Civil Liberties announced the first panel of judges appointed to the Data Protection Review Court.
  • Governor of New York announced proposed cybersecurity regulations for hospitals to help safeguard healthcare networks and systems, as a complement to the Health Insurance Portability and Accountability Act of 1996.
  • The California Privacy Protection Agency released a revised draft Cybersecurity Audit Regulations.


  • Office of the Australian Information Commissioner commenced a civil penalty proceeding in the Federal Court against Australian Clinical Labs Limited for breach of the Privacy Act 1988, following a data breach. 
  • Thailand’s Personal Data Protection Committee released draft regulations on international data transfers for public consultation.
  • Reserve Bank of India published a Master Direction on Information Technology Governance, Risk, Controls, and Assurance Practices, that will come into effect from April 1, 2024.
  • Singapore’s Personal Data Protection Commission issued a fine of SGD 10,000 to Ascentis Pte. Ltd., for violation of the Personal Data Protection Act, following a security incident.
  • China’s National Information Security Standardization Technical Committee requested public comments on the draft Cybersecurity Standard Practice Guidelines – Guangdong-Hong Kong-Macau Greater Bay Area Cross Border Personal Information Protection Requirements.

Read our digital newsletter here.