IT Security & Privacy

Gucci, Balenciaga & Alexander McQueen Data Ransomed by Hackers in Growing Wave of Fashion Breaches

Millions of customers of luxury fashion houses Gucci, Balenciaga, and Alexander McQueen may have had their personal details compromised after a cyberattack targeting their parent company, Kering, according to a report from the BBC.

EDPB Issues First Guidelines on Interplay Between the DSA & GDPR

The European Data Protection Board (EDPB) has adopted its first set of guidelines clarifying how the EU’s General Data Protection Regulation (GDPR) aligns with obligations under the Digital Services Act (DSA). The move marks a significant step in creating a coherent digital rulebook across the European Union.

States Band Together to Call Out Businesses Dodging Privacy Opt-Outs

Privacy regulators in California, Colorado, and Connecticut are tightening the screws on companies that still aren’t getting the message. The California Privacy Protection Agency (CPPA) joined with the Attorney Generals of California, Conneticut, and Colorado states in announcing a joint sweep of businesses suspected of ignoring Global Privacy Control (GPC) signals, the simple browser setting that tells companies to stop selling or sharing a consumer’s personal information.

South Korea’s Privacy Regulator Hits SK Telecom with $99.9 Million Sanction over Massive Data Breach

South Korea’s Personal Information Protection Commission (PIPC) has imposed one of the country’s largest-ever privacy penalties on SK Telecom (SKT), ordering the mobile carrier to pay $99.9 million (KRW 134.8 billion) after a series of failures that exposed the personal information of more than 23 million subscribers.

Disney to Pay $10 Million in FTC Settlement Over Children’s Data Collection on YouTube

Disney will pay $10 million to settle allegations from the Federal Trade Commission (FTC) that it violated children’s online privacy protections by mislabeling YouTube videos, allowing the unlawful collection of personal data from under-13 viewers. The case not only imposes a financial penalty on one of the biggest names in entertainment but also signals a shift in how regulators expect companies to safeguard kids’ online experiences.

Furniture Retail Chain Fined in GDPR Ruling

The Western High Court in Denmark has imposed a fine of $216,000 (DKK 1.5 million) on ILVA, a Danish furniture retail chain known for its Scandinavian-style home furnishings, for violating the General Data Protection Regulation (GDPR). The ruling establishes an important precedent for how fines against companies are calculated.

Axiom GRC Acquires The DPO Centre to Strengthen Data Protection Capabilities

Axiom GRC has announced the acquisition of The DPO Centre, a leading UK-based provider of outsourced Data Protection Officer (DPO) and privacy services. The deal underscores the growing importance of data protection expertise as organizations face heightened regulatory and technological risks.