Search Articles

Search through our archive of curated compliance and cybersecurity news.

Found 6 results for "GDPR"

Cybercriminals set sites on identities

Feb 04, 2026 CSO Online data breach

The article discusses cybercriminals targeting personal identities, indicating a data breach or identity theft campaign. Organizations handling personal data face increased risk of regulatory violations across multiple compliance frameworks. This ...

My Take: If you're still treating identity data like any other PII, you're behind. The regulatory pain from an identity breach is now the least of your problems—credential stuffing, account takeovers, and synthetic identity fraud will cost you more than any GDPR fine.

From digest: 2026-05

Ireland Proposes Giving Police New Digital Surveillance Powers

Jan 26, 2026 Schneier on Security regulation update

The Irish government is proposing new legislation that would grant police expanded digital surveillance powers, including the ability to intercept encrypted communications and legally use spyware. This development has significant implications for ...

My Take: If this passes, expect a mess of conflicting obligations between government access demands and your GDPR Article 32 security requirements. The real headache won't be the law itself—it'll be explaining to your EU customers why Irish-hosted data suddenly comes with a state surveillance asterisk.

From digest: 2026-04

Under Armour is investigating a data breach affecting approximately 72 million customers' email addresses and personal information (names, genders, birthdates, ZIP codes), discovered late last year. The company states no evidence suggests password...

My Take: "Discovered late last year" and we're hearing about it now? The breach itself is garden-variety PII exposure, but the disclosure timeline is the compliance risk that'll actually bite them—especially under GDPR's 72-hour clock.

From digest: 2026-04

AI-Powered Surveillance in Schools

Jan 19, 2026 Schneier on Security data breach

Beverly Hills High School has implemented extensive AI-powered surveillance systems including facial recognition, behavioral analysis, audio monitoring, and license plate readers. This raises significant privacy concerns regarding the collection a...

My Take: If you're running a school and think "let's add facial recognition" is simpler than "let's write a proper data processing impact assessment," you're about to learn an expensive lesson about GDPR Article 35 and CCPA's sensitive data requirements. This is a compliance nightmare masquerading as a safety solution—minors' biometric data has the highest regulatory bar for a reason.

From digest: 2026-03

Flock Exposes Its AI-Enabled Surveillance Cameras

Jan 02, 2026 Schneier on Security security incident

Flock's AI-enabled Condor surveillance cameras have been exposed for capturing and tracking individuals in public spaces with high-resolution facial recognition and behavioral monitoring capabilities. The incident reveals potential privacy violati...

My Take: The "AI-enabled" framing is doing a lot of work here to distract from what this actually is: mass biometric surveillance without meaningful consent mechanisms. If you're deploying anything that captures biometric data in public-facing environments, your legal team should be having very uncomfortable conversations about BIPA, GDPR Article 9, and whether "legitimate interest" will hold up when the class actions start rolling in.

From digest: 2026-01

The biggest cybersecurity and cyberattack stories of 2025

Jan 01, 2026 BleepingComputer security incident

This article summarizes major cybersecurity incidents and cyberattacks from 2025, including the PornHub data breach affecting 200+ million subscribers and widespread ClickFix social engineering attacks targeting multiple platforms. The incidents i...

My Take: The PornHub breach is a nightmare scenario for privacy teams—GDPR fines aside, good luck explaining to your board why you're managing *that* kind of sensitive data without defense-in-depth. ClickFix attacks are the reminder that your security awareness training needs to catch up to 2025: users don't click attachments anymore, they're copying malicious commands because a fake CAPTCHA told them to.

From digest: 2026-01