A European Commission committee is reviewing how to define "significant" cybersecurity incidents that must be promptly reported to authorities under NIS2, according to a draft of the discussions reviewed by Euractiv.
The Sri Lanka data protection authority is accepting public comments on the draft rules for personal data breach notifications under the Personal Data Protection Act No. 9 of 2022. The rules will govern when the DPA must be notified about a breach and what information needs to be given about the incident. The consultation period ends 31 Oct.Full story
The 68 member countries of the International Counter Ransomware Initiative reaffirmed a commitment to improving resilience to ransomware attacks and supporting members affected by attacks at the Fourth CRI Gathering in Washington, D.C. New members also joined the four-day meeting, and the U.S. launched a new fund to strengthen members' cybersecurity infrastructure.Full story
The U.K. Information Commissioner's Office announced it issued a 750,000 GBP fine to the Police Service of Northern Ireland after the agency allegedly breached 9,483 employees' personal employment information. Commissioner John Edwards said a "lack of simple internal administration procedures" caused the breach of "an entire workforce."Full story
Harvard students created project I-XRAY, a facial recognition system built into Meta's AI-powered glasses, 404 Media reports. The technology can be used to identify individuals and their personal information, including addresses and phone numbers, in real time.
AI-powered license plate readers are capturing U.S. residents' political information from bumper stickers and lawn signs, Wired reports. The cameras collect and store images in searchable databases in license plate surveillance systems.
The U.S. Federal Communications Commission's data breach settlement with T-Mobile may prove to be more than another enforcement action against a major U.S. telecommunications provider. IAPP Cybersecurity Law Center Managing Director James Dempsey explains how the agency's latest work provides a blueprint of the agency's expectations surrounding telecom cybersecurity standards.Full story
The Information Accountability Foundation announced the appointment of Fred Cate as its new executive director and Stanley Crosley, CIPP/US, CIPM, as chief policy strategist.
Euractiv reports a first draft of the EU Code of Practice for general-purpose AI could be ready 3 Nov., while a European Commission spokesperson indicated a final draft is expected April 2025. The timeline comes after the Commission's consultation on the code received approximately 430 stakeholder comments. The Commission also disclosed disagreements that surfaced between general-purpose AI model developers and various stakeholders during first plenary session for code drafting.
Montana's comprehensive privacy law took force 1 Oct., The Bozeman Daily Chronicle reports. Data subject access rights, required risk assessments, purpose and processing limitations, and a 60-day cure period are among the provisions now effective while required recognition of universal opt-out signals takes effect 1 Jan. 2025. Editor's note: Explore this IAPP tracker on key dates for U.S.