Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Close Up On… Recent State Action (November 1, 2005)
The House Commerce Committee has replaced a broad spyware bill with language modeled after the California law prior to advancing it out of committee. As passed by the committee on Oct. 19, HB 1697 would make it a felony, subject to 10 years in jail and/or a $25,000 fine, to intentionally copy or install unauthorized "deceptive" software. HB 1697 now goes to the House Floor.
The IAPP's Privacy Academy 2005 Makes Headlines (November 1, 2005)
In a year marked by repeated security breaches that compromised the personal information of millions of people and fueled identity theft crimes and concern, it is no coincidence that the IAPP's membership has increased 100 percent in 2005. This connection, pointed out at the IAPP's Privacy Academy in Las Vegas by Executive Director J. Trevor Hughes, was noted in an article by Privacy & Security Law reporter Barbara Yuill, who attended the Oct. 26-28 event at the Green Valley Ranch Resort & Spa.
Innovation Award Winners Receive Accolades (November 1, 2005)
The announcements at the IAPP's Privacy Academy 2005 of the winners of the HP/IAPP Innovation Award and the IAPP/Deloitte & Touche Vanguard Award generated coverage distributed over the UPI wire.
Successful Meetings Taps The IAPP For ‘Good Policy' On Information Practices (November 1, 2005)
In other IAPP news, Successful Meetings reporter Suzie Amer contacted J. Trevor Hughes, Executive Director of the IAPP, for a story that explored the challenging privacy implications for meeting planners as concerns mount over the protection of personal information. The nature of the industry "makes it especially attractive for data and identity thieves because meeting planners gather large numbers of people and collect all kinds of potentially sensitive data on them."
New Jersey's Identity Theft Prevention Act May Catch You Off-Guard (November 1, 2005)
If your company does business in New Jersey, new laws taking effect Jan. 1, 2006 may require changes to avoid civil and criminal penalties. Acting Governor Richard J. Codey recently signed numerous privacy-related bills, including the "New Jersey Identity Theft Prevention Act," which requires the notification of consumers after a breach.
Microsoft Advocates Comprehensive Federal Privacy Legislation (November 1, 2005)
Microsoft Corp. is supporting federal data privacy legislation, saying the "time has come" for a strong national standard for privacy protection that will benefit consumers and set clear guidelines for businesses while allowing commerce to flourish. Brad Smith, senior vice president and general counsel for Microsoft, explained recently to the Congressional Internet Caucus in Washington that Microsoft supports a comprehensive federal legislative response for three reasons.
TRUSTe Releases New Data Security Guidelines That Include Resources For Planning And Executing Breach Response (November 1, 2005)
TRUSTe has issued a new set of data security guidelines to help companies evaluate new or existing data security policies. The guidelines are available to more than 1,300 TRUSTe privacy seal-holding companies and other organizations committed to responsible handling of private information.
Vontu, Inc. Joins Cyber Security Industry Alliance As Principal Member (November 1, 2005)
The Cyber Security Industry Alliance (CSIA) has announced that Vontu, Inc., a company that offers data loss prevention solutions, will have a "strategic level of participation" in CSIA. Vontu will join other industry leaders to enhance global cyber security through public policy, education, awareness and technology.
New Jersey's Identity Theft Law (November 1, 2005)
Read about New Jersey's new identity theft law provisions, beginning Jan. 1, 2006. Provisions include prohibiting any person, including a public or private entity from: Publicly posting or displaying an individual's Social Security number, or any four or more consecutive numbers taken from an individual's Social Security number; Printing an individual's Social Security number on any card required for the individual to access products or services; or requiring an individual to transmit their Social Security number over the Internet, unless the connection is secure or the Social Security number is encrypted.
Notes from the Executive Director (November 1, 2005)
Privacy professionals generated enormous excitement in Las Vegas last month after taking part in the first-rate education, certification and networking opportunities at the IAPP Privacy Academy 2005. The talent and creativity in the privacy profession are exactly the reasons why the IAPP recognizes the achievements of our colleagues.
Privacy Academy 2005 Wrap Up (November 1, 2005)
The IAPP Privacy Academy at the Green Valley Ranch Resort in Las Vegas brought the IAPP's second major event of the year to the great casino city in an effort to determine: Do the things in that happen in Vegas REALLY stay in Vegas? In addition to exploring key themes of identity management and personal surveillance, The IAPP Privacy Academy offered attendees valuable opportunities to network with each other, educate themselves with the latest developments in privacy law, policy and technology — and become certified in their profession.
Privacy in India (November 1, 2005)
As India becomes a leader in Business Process Outsourcing (BPO), increasing amounts of personal information from other countries are flowing into India. Questions have been raised about the ability of Indian companies to adequately protect this information. Unfortunately, employees of BPO organizations have misused customers' personal information repeatedly.
Privacy and the Paycheck (November 1, 2005)
Read a Q & A between the IAPP's Executive Director J. Trevor Hughes and Dr. Larry Ponemon, founder and president of the Ponemon Institute, on the Exclusive Findings of the Privacy Professional's Role, Function And Salary Survey.