Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Implementing the APEC Privacy Framework: A New Approach (December 1, 2005)
The Asia-Pacific Economic Cooperation forum comprises 21 economies around the Pacific Ocean, including very significant economies such as the United States, Canada, China, Japan, South Korea, Australia and others. APEC Ministers have endorsed an APEC Privacy Framework.The Framework is a different document from the EU Privacy Directive.
IAPP Participates as Education Sponsor of Infosecurity New York (December 1, 2005)
IAPP leadership, staff and members attended Infosecurity New York in December. The event attracted many hundreds of security and privacy professionals attendees to the Jacob K. Javits Convention Center in New York City. Now in its fifth year, the conference consisted of more than eighty tracks on the top security topics, including emerging threats, compliance, wireless security and privacy. The IAPP hosted nine track sessions on timely issues of identity theft legislation, the privacy implications of data breaches, privacy and national security and online privacy issues such as spam and spyware.
Obstacles and recommendations for compliance, global dependencies, business demands (December 1, 2005)
Read about obstacles and recommendations when it comes to compliance, global dependencies, business demands and organizational alignment.
New IAPP Faces (December 1, 2005)
The IAPP is fortunate to have Margie Lesage come aboard after this New England native moved from the mountains of New Hampshire to the Maine Coast.
"It was a longtime dream to live in York," said Margie, who became the IAPP's Office Manager in October when Jen Chapman moved into a new position as Registrar. Margie set sail for the coast after a 10-year career with Sport Graphics in West Boylston, Mass., a sports photography company that specializes in regattas.
Notes from the Executive Director (December 1, 2005)
As 2005 draws to a close, we will remember this year for the multitude of data breaches because they have led to dramatic enlightenment about the privacy pro's core mission and critical importance in the marketplace — here and internationally as well. With more than 80 data breaches this year, some U.S. lawmakers and regulators have been clamoring for bills to give consumers some protection from the escalating incidents. More than a dozen bills have been introduced in Congress this year and 32 state legislatures have proposed legislation to help protect consumers.
Business Risks of Cross-Border Transfers of Personal Information to the United States (December 1, 2005)
As a Canadian, ask yourself these questions: "Would you like your personal information reviewed by a U.S. law authority, say the FBI?", "Would you like your purchasing habits, your medical information, your resume, accumulated and accessed by U.S. government agencies?"
Acxiom Strengthens Its Privacy Leadership (December 1, 2005)
Acxiom® Corp. has made several significant leadership appointments as part of its continuing efforts to protect data privacy and security. The company's Chief Privacy Officer Jennifer Barrett has been named Global Privacy Officer. Sheila Colclasure, business leader for privacy practices and solutions, will assume the role of privacy officer for North and South America. Barbara Sullivan, privacy leader for Australia and New Zealand, has been named chief privacy officer for Asia.
Business Risk Related to Providing Notice (December 1, 2005)
Read the questions corporate Canada has to ask on the business risk related to providing notice. Questions include: "What are the risks associated with providing notice to our customers that we transfer their personal information to the U.S.?" "Do we really want to explain to Canadians, or to the media, that their personal information is accessible by U.S. law authorities?"

Guardium, Inc. Joins Data Governance Council Formed By IBM (December 1, 2005)
Guardium, Inc., a leading provider of database security, audit and compliance solutions, has joined the Data Governance Council, a group formed by IBM along with dozens of leading corporations, institutions and technology solution providers. The Council is working to redefine the management of data governance policy, the impact of policy on business processes and practices, and the enforcement of IT infrastructure, information management and organizational behavior. Council members are collaborating on ways to address these issues using IBM and business partner solutions and concepts.
Business Survey Results At A Glance (December 1, 2005)
During an Internal Governance Session in the Second Seminar, an informal survey of a limited number of businesses found that.
Close Up On… States Gearing Up for 2006 Sessions (December 1, 2005)
Lawmakers have begun to pre-file legislation on a myriad of issues in preparation of the 2006 legislative season during which 44 states are scheduled to meet. The 2006 season will begin January 2 when the opening gavel falls in Ohio. All but six states begin their deliberations in January and North Carolina is the final state scheduled to convene with a session set to start May 9.
World Economic Forum Selects Voltage Security as 2006 Technology Pioneer (December 1, 2005)
The World Economic Forum has selected Voltage Security, Inc. as a technology Pioneer for 2006 based on its award-winning technology, Voltage IBE. The Identity-Based Encryption, which greatly simplifies the protection of information, whether it is on servers, laptops or in transit via email, is a public key cryptography system that uses common identities as public keys, eliminating the need for certificates, Certificate Revocation Lists and other costly infrastructure.
Congratulations to our Graduates! (December 1, 2005)
Congratulations to our Graduates! See the list of IAPP recent graduates of the Certified Information Privacy Professional (CIPP) and Certified Information Privacy Professional/Government (CIPP/G) credentialing programs.
Consumers Still Don't Trust the Internet (December 1, 2005)
It just keeps coming, doesn't it? Consumers increasingly are voicing their concerns about online commerce and marketing, and every month or two brings more data about how they are responding to security and privacy concerns. Recently, Consumer Reports WebWatch brought out a new study, "Leap of Faith:Using the Internet Despite the Dangers." The title is ominous enough — and the report upholds some earlier pessimistic observations about Internet behavior.
Web Watch - Complying With New Data Security Standards Will Help Keep Consumers Safe This Season (December 1, 2005)
It is no secret that privacy and security issues are a real concern for today's consumer. Consumer trust is critical to a company's bottom line. With the arrival of the holiday shopping season, online retailers are gearing up for their busiest time of the year. But this season, merchants need to take extra steps to fine-tune their Web sites.
Ernst & Young's Global Information Security Survey 2005 Reveals Compliance Concerns Top Tactical Threats (December 1, 2005)
Ernst & Young (E&Y) has conducted its eighth annual Global Information Security Survey (GISS) to uncover the security and privacy vulnerabilities in companies, including phishing, identity theft, SQL injections and basic social engineering. The survey uncovered a gap that continues to widen between the operational capabilities and compliance risks facing companies, and sought to understand the current actions taken by their information security organizations. This is the first year that we have seen compliance concerns trump the more tactical threats, such as viruses, worms and vulnerability management.