Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Janet McCoy, Senior Vice President and CPO, Sovereign Bank (September 1, 2003)
Janet McCoy serves as chief privacy officer for Sovereign Bank. As the bank's chief privacy officer, McCoy is responsible for developing and implementing Sovereign's policy on customer privacy and oversees the integration of all privacy-related initiatives throughout Sovereign. McCoy also serves as director of strategic plan management for the community banking division, where she is currently focused on customer service initiatives.
Computer Recycling and Data Destruction:Are You Legally Prepared? (September 1, 2003)
As the health care industry continues to prepare for compliance with the Health Insurance Portability and Accountability Act, two new and challenging obstacles are emerging: safe and legal disposal of outdated computer equipment, and digital or physical data destruction of patient information. Computer equipment comes in the form of computer monitors, hard drives, printers, copiers, and so on. In the past, this equipment may have been placed into storage, donated to a school, or sent to the dumpster. All of these methods of disposal do not address the environmental or legal responsibilities of the health care organization in question.

In the Wake of "Do-Not-Call" (September 1, 2003)
The overwhelming response to the National Do Not Call Registry has citizens cheering, marketers jeering, and politicians gearing up for similar efforts aimed at stemming the growing tide of unsolicited e-mail — otherwise known as spam — which many fear will increase in response to "do-not-call."
Privacy Appointments (September 1, 2003)
I recently sat down with Virginia Bartlett, chief privacy and security officer at IMS Health, to get her insight about the privacy profession. After six months at the company, Virginia's advice for newly appointed privacy officers is twofold. First, the relationships within your organization — from top to bottom — are most important. You need to build relationships for the long term. She added, "Remember that people make the policy work."
Protecting the Trust of Consumers and Advertisers (September 1, 2003)
Privacy is a concern that uniquely plagues the online industry. Whereas consumers don't seem to mind when their account balance, in-store transaction, catalog purchase, or magazine subscription information is sold, or that security cameras record their comings and goings, ask them to click a few buttons and fill in a few fields on an online form and hear the outcry.
Consumer Relationships in Virtual Commerce (September 1, 2003)
Be explicit about what information is being captured, how much, and by whom, and even take a strong role in evaluating and potentially blocking much of the data being captured third parties, like ad servers, should take significant steps to actively inform consumers of what data they capture and what they are doing with it.
Sharing Data with Business Partners (September 1, 2003)
Introduce a contractual arrangement for the protection of the data. Similarly, in receiving data from your business partners in order to carry out joint marketing operations, ensure that your database does not receive "polluted" or improperly collected data.
The Cost of Spam (September 1, 2003)
Yankee Group reports that one major Internet service provider spends more than $5 million annually on disk storage for spam.