DOJ Data Security Program Compliance Deadline (Oct 6): The U.S. Department of Justice’s new rule restricting transfers of sensitive data to “countries of concern” took effect. Companies must now reassess vendor due diligence and data-flow controls. Cooley LLP

State-Level Privacy Enforcement Ramps Up: California, Colorado, and Connecticut AGs coordinated several enforcement actions this fall, showing growing alignment among U.S. privacy regimes. MMMLaw

Capita fined £14 million by ICO: The U.K. ICO imposed a £14 million penalty after a data breach affecting over 6 million people — a sharp reminder of the cost of weak security and poor vendor oversight. ICO Official Release

Germany rejects EU “Chat Control” proposal: Germany refused to support the EU’s plan to scan private messages, defending end-to-end encryption and digital rights. TechRadar

PDPC issues enforcement undertakings: Two organisations were required to improve security and appoint Data Protection Officers, reinforcing Singapore’s proactive PDPA oversight. PDPC Singapore

Draft Decree under Personal Data Protection Law: Vietnam published its draft decree clarifying consent, sensitive-data rules, and cross-border transfers — a big step in regional privacy reform.  EY Vietnam Legal Alert

Quarterly Privacy & Cybersecurity Review (20 Oct): Eversheds Sutherland’s global update covers EU, U.S., Asia, and Middle East developments — one of the most complete round-ups this quarter.  Eversheds Sutherland

Online Safety Roundup (23 Oct): Digital Policy Alert’s report tracks more than 70 global policy moves on privacy, child safety, and AI governance. Digital Policy Alert