Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Federal District Court Rejects FTC Opinion on Attorneys' Gramm-Leach-Bliley Act Coverage (August 1, 2003)
On August 11, 2003, the U.S. District Court for the District of Columbia issued a lengthy ruling in the suit brought by the American Bar Association (and other bar groups) against the Federal Trade Commission challenging the FTC's position that attorneys were subject to the privacy notification provisions of the 1999 Gramm-Leach-Bliley Act. (N.Y. State Bar Ass'n v. FTC, Civ. Actions 02-810 and 02-1883, 2003 LEXIS 13939). In denying the FTC's motion for summary judgment dismissing the bar associations' complaint, the court gave the FTC a refresher course in the basics of statutory interpretation.
Authentication Is Necessary for Ensuring Transaction Privacy and Security (August 1, 2003)
Adequate authentication of relevant parties is needed before a trusted transaction can be completed online.
Binding Corporate Rules: The Answer to Global Processing? (August 1, 2003)
Article 25 of the 1995 directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data placed a controversial requirement on the governments of EU member states: to ban the transfer of personal data to any country outside the European Union unless that third country ensures an adequate level of privacy protection.
The FTC and Online Privacy: Where are We Now? (August 1, 2003)
The Federal Trade Commission became active in protecting the privacy of Internet users in the late 1990s. Rather than promulgate a policy setting rules for the collection, use, and disclosure of users' information by Web sites, or recommend legislation to Congress, and except for the Children's Online Privacy Protection Act of 1998, the FTC adopted a policy of enforcing the privacy policies announced by the Web sites themselves.
New Rules for Fax Advertising (August 1, 2003)
The federal Telephone Consumer Protection Act prohibits the transmission of an advertisement to a business's or individual's fax machine without the prior express permission or invitation of the recipient. The act directed the Federal Communications Commission to promulgate a rule implementing this and other provisions of the act.
Privacy Audits Can Help Identify Cross-Border Data Transfer Conflicts (August 1, 2003)
Privacy officers face increasing challenges as data protection laws, enacted to protect personally identifiable information (PII), proliferate.
Dale Skivington, Chief Privacy Officer, Kodak (August 1, 2003)
Dale E. Skivington is Kodak's chief privacy officer and as such has worldwide responsibility for company policies relating to consumer, employee and supplier privacy. She is also a member of the Employment and Personnel Law Legal Staff at Kodak, chaired the New York State Business Council's Labor and Human Resources committee, and also served on the New York Governor's Task Force on Independent Contractors and on the Governor's Task Force on Sexual Harassment.
Password or PKI? (August 1, 2003)
Public Key Infrastructure — PKI — hasn't had good press in recent months. After a lot of early hype, PKI's reputation has been tarnished as a technology that is too complicated and too expensive, requiring high levels of control and management.
Notes from the Executive Director (August 1, 2003)
There's plenty to talk about in the world of privacy these days and the best place to keep ahead of these developments is IAPP's upcoming Privacy Academy.