Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Nymity's Short Notice Guide - Privacy Fact Statements (September 1, 2006)
A short notice is a summary of an organization's privacy policies and procedures that is made available to consumers. Short notices are usually used when there are physical limitations to providing full notice, for example in coupons, marketing forms, surveys or customer mailers; to provide clarity to a consumer with a summary of the key elements in a readily available full notice (recommended); or when an organization chooses not to be transparent about its privacy policies and procedures and instead provides the minimal information believed to be required (not recommended).
Q&A: Ask the Privacy Expert - ListServs Serve Up Solutions (September 1, 2006)
Kudos to those who are taking advantage of the IAPP's Working Group ListServs! With a focus on addressing challenges in distinct industry sectors, The Privacy Advisor will now share informative Working Group Questions and Answers to benefit the broader membership.
The Puck Drops Next Month On Privacy for the IAPP's Academy in Toronto (September 1, 2006)
Interest in the IAPP Privacy Academy 2006 continues to build impressively for the first conference the IAPP has ever hosted outside the U.S. At the current pace of registrations, we expect the Toronto Academy to surpass the attendance of any IAPP conference to date.
An Interview with the Experts on the Cost of Ensuring Security of Data (September 1, 2006)
Featuring: Avivah Litan, Vice President and distinguished analyst at Gartner Group, with a fifteen-year professional background at the World Bank as a senior manager. She was a consultant for two years at Booz, Allen Hamilton and also spent a year as a systems analyst at Sperry Univac; she also has 26 years of experience in the IT industry, specifically in security and privacy issues.

Florida Bank to Pay $50 Million to Settle Class Action Suit (September 1, 2006)
Fidelity Federal Bank & Trust of West Palm Beach will pay $50 million as the result of a recent a class-action settlement.
Markle Task Force Releases Report on Mobilizing Information to Prevent Terrorism (September 1, 2006)
The Task Force's recently released report titled "Mobilizing Information to Prevent Terrorism: Accelerating Development of a Trusted Information Sharing Environment" recommends new concepts that reconcile national security needs with civil liberties requirements.
Web Watch - Potential Privacy and Security Issues in Outsourcing Web Application Development (September 1, 2006)
As IT budgets continue to be squeezed and organizations struggle to find new ways to grow and innovate, outsourcing moves higher on the CIO's "to do" list. The privacy and security implication of outsourcing relationships is a growing concern for many organizations. Most of this discussion on this topic has focused on the transfer and handling of personal data but one area that has not been well-documented is Web application development. Gartner Inc. cites 75 percent of all attacks on information security are directed at the application level.
American Health Information Community Announces New Work Group (September 1, 2006)
AHIC, a federal advisory panel created by the U.S. Department of Health and Human Services Secretary Mike Leavitt, now divides its research activities between five work groups. The newly formed Confidentiality, Privacy and Security Work Group will focus its efforts on advancing a nationwide network of health information technology.
Showcasing the CPO (September 1, 2006)
When interviewing Harriet Pearson, IBM's Chief Privacy Officer and IAPP Board Member, reporter Elizabeth Agnvall made it clear "it would be difficult to describe Harriet Pearson's job as dull."
IAPP Board Members Speak Out on the Future of the Privacy Officer (September 1, 2006)
IAPP Board Members Kimberly Gray, CIPP, and Kirk Nahra, CIPP, were recently interviewed by the Report on Patient Privacy for a September article titled, "As Focus Shifts to Electronic Records, Will Privacy Officers Be the 'Odd Man Out' ?"
Sometimes the Tail Has to Wag the Dog (September 1, 2006)
Vendors that provide Internet technology products or services sometimes find themselves in the strange position of suggesting that changes be made in their clients' Web site privacy policies. As Privacy Compliance Officer for a company that has, over the years, offered ad-serving, volume email delivery, Web site analytics and search technologies, among other services, I have had to explain to our clients why our contracts require them to disclose in their privacy policies their use of our technologies.
The German Data Protection Implications of International Group-Wide HR Databases (September 1, 2006)
Many German companies intend to introduce, or already have in place, IT-based systems for administrating their employee relationships. Apart from the storage of the employee's basic data (i.e., name, address etc.), such databases often serve further purposes, such as the recording of the employee's work hours and reviews of their performance. In groups of companies, these databases are mostly centralized.
Notes from the Executive Director (September 1, 2006)
By now, most of you have likely heard the news that one of the pioneers of privacy, Alan F. Westin, has decided to cease the operations of Privacy & American Business (P&AB). ... The IAPP recognized Dr. Westin's contributions to the field of privacy over his entire career with the 2005 Privacy Leadership Award.
Close-Up on Privacy Notices Workshop at the IAPP Privacy Academy 2006: A White Paper on Nymity's Short Notice Guide (September 1, 2006)
The White Paper on Nymity's Short Notice Guide will provide some preliminary background for attendees of the IAPP Privacy Academy 2006 in Toronto who plan to attend the advanced session, "Simplified Privacy Notices Workshop."