IT Security & Privacy

Beginning the first week of January, the Office of the Australian Information Commissioner (OAIC) will launch its first compliance sweep examining how everyday businesses handle personal information they request directly from customers. Real estate agents at weekend house tours, pharmacy counters offering paperless receipts, and car rental desks asking for IDs are among the common touchpoints now under heightened scrutiny.

After months of pressure on website operators, the Information Commissioner’s Office says more than 95% of the UK’s top 1,000 most-visited websites now meet legal requirements when asking users to consent to advertising cookies. It’s a shift the regulator estimates has given roughly 40 million people, about 80% of the population over 14, much more meaningful say over how companies can track their browsing for targeted ads.

Europe’s top privacy regulator wants online shopping to come with fewer strings attached, specifically unnecessary user accounts. At its latest plenary session on Thursday, the European Data Protection Board (EDPB) adopted new recommendations urging e-commerce companies to let people shop without being pushed into creating accounts that vacuum up personal data.

The UK’s online safety regulator is making an example of adult content providers who still allow children to stumble onto explicit material with little more than a checkbox standing in their way. On Thursday, Ofcom announced a £1 million fine against AVS Group, the operator of 18 adult websites, after concluding the company had failed to put “highly effective” age assurance in place, a new legal requirement under the landmark Online Safety Act.

Ransomware has never been more costly. That’s the message from a new Financial Trend Analysis released Wednesday by the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), which found that attackers drained more than $2.1 billion from victims between 2022 and 2024. The report examines ransomware activity by the date of each incident, offering the clearest look yet at how aggressively cybercriminals have scaled their extortion campaigns.

The Information Commissioner’s Office (ICO) has issued a formal reprimand to Post Office Limited after its communications team mistakenly uploaded an un-redacted legal settlement document to the organization’s corporate website. The file (containing the names, home addresses, and postmaster status of 502 individuals involved in the landmark group litigation) was left publicly accessible for nearly eight weeks between April and June 2024.

American Express has landed in the crosshairs of France’s data protection regulator, which says the company repeatedly ignored rules that give internet users control over how they’re tracked online.