The CPPA Audits Division Arrives: What California's First CCPA Compliance Audits Mean in 2026
California's privacy regulator has built a dedicated Audits Division and says to expect CCPA compliance audits in 2026 โ including unannounced ones. H...
Compliance & Regulatory Articles
776 articles on privacy laws, security frameworks, and regulatory compliance.
Colorado Hits Reset: How SB 189 Repealed the Nation's First AI Act Before It Ever Took Effect
On May 14, 2026, Governor Jared Polis signed SB 189, repealing and replacing the landmark Colorado AI Act weeks before its June 30 effective date. The...
What Actually Comes Due on August 2, 2026: EU AI Act Article 50 Transparency and the Digital Omnibus Reset
August 2, 2026 was supposed to be the EU AI Act's biggest enforcement milestone. The Digital Omnibus, provisionally agreed on May 7, 2026, has split t...
Personally on the Hook: The NIS2 October 2026 Deadline, DORA Enforcement, and Management-Body Liability
With the NIS2 compliance deadline culminating in October 2026 and DORA in its first real supervisory enforcement cycle, both regimes now place persona...
The โฌ7.1 Billion Reckoning: GDPR Enforcement at the 2026 Midpoint
Cumulative GDPR fines have crossed โฌ7.1 billion, regulators are processing 443 breach reports a day, and H1 2026 alone has already produced more than ...
FTC's 10-Year Order Against Illuminate Education: How Long-Duration Infosec Mandates Became the Real Teeth of Edtech Data Enforcement (2026)
On June 5, 2026, the FTC finalized a 10-year information-security order against edtech vendor Illuminate Education after a breach exposed data on 10.1...
FTC v. Kochava: The Data-Broker Reckoning Over Sensitive Geolocation Data (2026)
The FTC's long-running case against data broker Kochava ended in a sweeping ban on selling sensitive location data without affirmative express consent...
One Day, Three Continents of Obligation: The June 26, 2026 Breach Cluster and the Fragmented Map of Data-Breach Law
On June 26, 2026, breach disclosures surfaced for MagMutual Insurance, 911 Driving School, and Germany's Atlas Elektronik on the same day. The three i...
Moody Bible Institute Breach: ShinyHunters, 46 Million Records, and the FERPA Gaps Education Keeps Ignoring (2026)
ShinyHunters claims to have stolen 23+ GB from Moody Bible Institute, including roughly 46 million communication records, 2.2 million enrollment-lead ...
iRhythm's Zio Breach: When a Help-Desk Phone Call Exposes Cardiac Patient Data Under HIPAA (2026)
In June 2026, attackers used social engineering to break into third-party-hosted business applications at iRhythm Holdings, maker of the Zio cardiac p...
MSG Sports and the ShinyHunters Breach: How 26 Million Records and a Single Vishing Call Triggered a Compliance Crisis in 2026
In June 2026, the cybercrime group ShinyHunters breached Madison Square Garden Sports and affiliated MSG entities, claiming more than 26 million custo...
Your Name on the Line: California's CCPA Rules Put Executives Personally on the Hook for Risk Assessments
Under California's finalized CCPA regulations, a business's risk assessments must be certified by a member of executive management, and that named ind...
Showing 12 of 776 articles
Load More →