Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
It's Time to Comply with COPPA (October 1, 2006)
The Children's Online Privacy Protection Act (COPPA), which became effective April 21, 2000, was designed to introduce parents into the decision-making equation and place them in control over what information is collected online from their children. Parents were to be given the final say on which sites their children would be allowed to personally interact with, and what information they could disclose.
Notes from the Executive Director (October 1, 2006)
HP's reputation for its consumer privacy practices is reflected in the recognition the company received earlier this year from TRUSTe and The Ponemon Institute, which awarded HP with The Most Trusted Company for Privacy Award.
Dana Rosenfeld Named Privacy Ombudsman for Tower Records Bankruptcy Case (October 1, 2006)
Dana Rosenfeld, former assistant director of the FTC's Bureau of Consumer Protection and now counsel with Bryan Cave LLP, will serve as the consumer privacy ombudsman for the Tower Records Chapter 11 case.
Maxamine, TRUSTe Announce Strategic Alliance (October 1, 2006)
Maxamine and TRUSTe have partnered to provide unprecedented levels of privacy assurance with solutions optimized for today's increasingly sophisticated, dynamic and rapidly growing Web environments. The result of this alliance will effectively automate much of the privacy compliance monitoring of the more than 2,400 TRUSTe-certified Web sites, according to the news release announcing the effort.
Bank of America, JP Morgan Chase, Washington Mutual Receive Recognition as Highest-Rated Consumer ID Theft Protectors (October 1, 2006)
Javelin Strategy & Research released the results of its Banking Identity Safety Scorecard in San Francisco at the Identity Theft and Fraud Symposium sponsored by American Banker. Twenty-four of the country's top financial institutions, which collectively hold more than 60 percent of the nationwide banking market, were rated on their ability to prevent, detect and resolve consumer ID theft in partnership with customers. The highest overall ranking recognition went to Bank of America, closely followed by JP Morgan Chase and Washington Mutual.
Zoe Strickland Joins Wal-Mart as the Company's First CPO (October 1, 2006)
Formerly with the U.S. Postal Service as its first CPO, Zoe Strickland, CIPP/G, recently joined Wal-Mart Headquarters as the retail giant's first Vice President, Chief Privacy Officer.
Gregory Garcia Appointed First DHS Cybersecurity Czar (October 1, 2006)
Homeland Security Secretary Michael Chertoff has appointed Gregory Garcia to serve as the agency's first Assistant Secretary for Cybersecurity and Telecommunications.
Study Finds Canadian Privacy Laws Are Working (October 1, 2006)
Canada NewsWire cites the new 2006 Nymity Trends in Transparency Report as a testament to corporate Canada's compliance with privacy law requirements to protect personal information.
Australian, New Zealand Privacy Chiefs Collaborate on Privacy (October 1, 2006)
The Australian and New Zealand Privacy Commissioners have signed an agreement to allow for cooperation between their offices on privacy-related issues, including cross-border complaints and joint investigations. This agreement fosters cooperative agreements as set forth in the APEC Privacy Framework, OECD Guidelines Governing the Protection and Transborder Flows of Personal Data, and the Asia Pacific Privacy Authorities Forum.
Nine Founding Partners Join ANSI and BBB to Form Identity Theft Prevention and Identity Management Standards Panel (October 1, 2006)
The American National Standards Institute (ANSI) and the Better Business Bureau (BBB) recently announced a cross-sector team partnership to prevent and respond to identity theft and fraud through a single resource of standards and guidelines. The nine founding, high-profile partners are: AT&T, Citi, ChoicePoint, Dell Inc., Intersections Inc., Microsoft, Staples Inc., TransUnion and Visa U.S.A.
White House ID Theft Task Force Issues Interim Recommendations (October 1, 2006)
President Bush's Identity Theft Task Force has released its interim recommendations. Comprised of 17 federal agencies and departments, the nation's first-ever Identity Theft Task Force was created as a result of the President's May 10 Executive Order.
IAPP In the News (October 1, 2006)
BNA's recent news coverage of the IAPP Audio Conference on the Junk Fax Prevention Act Implementation strongly suggests that those who engage in fax advertising must fully understand and comply with the FCC's new no-fax rules. Erica McMahon, chief of the FCC's Consumer Policy Division, said during the audio conference, "We receive 40-50,000 complaints about junk faxes every year, and we received 14,000 complaints in the first quarter of 2006. This is a problem that consumers take seriously, and we are determined to enforce the rules."
Privacy News (October 1, 2006)
President Bush's Identity Theft Task Force has released its interim recommendations. Comprised of 17 federal agencies and departments, the nation's first-ever Identity Theft Task Force was created as a result of the President's May 10 Executive Order.
New Appellate Court Ruling May Foster HIPAA Litigation (October 1, 2006)
As privacy advocates, class action lawyers, interested consumers and others struggle to find means of enforcing privacy obligations in the courts, judges grapple with the question of whether entities that violate privacy laws properly face private damages liability. Because most national privacy rules (notably HIPAA and Gramm-Leach-Bliley) contain no private cause of action, plaintiffs struggle to find creative ways to sue over such privacy and security violations.
The Insider Threat: How to Ensure Information Security & Mitigate Privacy Breach Risks (October 1, 2006)
Organizations invest huge resources developing security policies and procuring protective technologies that point outwards at hackers, spyware and viruses. However, organizations are beginning to realize that there is another aspect to data security - the inside-out leakage of information. Not only do organizations need to worry about the release of valuable intellectual property, but they also face increased regulation and oversight on issues ranging from consumer privacy to financial disclosure. Companies are juggling all of this in an atmosphere of government and consumer mistrust of business.
"Do-Not-Call" List Marks Third Anniversary (October 1, 2006)
The National Do-Not-Call Registry recently passed its third anniversary. The first numbers were entered on the list on June 27, 2003. Few developments have had such a major impact on telemarketing in such a relatively short time.
Regulator Chat (October 1, 2006)
The Privacy Advisor recently interviewed Dr. Ann Cavoukian, Information and Privacy Commissioner of Ontario, about her priorities and accomplishments.
A Q&A with Dr. Martha Rogers, IAPP Privacy Academy 2006 Keynote Speaker (October 1, 2006)
The Privacy Advisor interviewed Dr. Martha Rogers, one of the world's leading experts on customer-based business strategies and growing customer value.
Notes from the Executive Director (October 1, 2006)
I know HP to be a company that values privacy enormously. They have a full contingent of privacy professionals distributed around the world - many of whom are Certified Information Privacy Professionals. These dedicated privacy teams have implemented policies and procedures to ensure that business operations function using best-in-class standards. HP's reputation for its consumer privacy practices is reflected in the recognition the company received earlier this year from TRUSTe and The Ponemon Institute, which awarded HP with The Most Trusted Company for Privacy Award.