Privacy Advisor

Global Privacy Dispatches

POLAND—DPA vs. Google on the Information Security Administrator
The Supreme Administrative Court, in its judgment of 21 February, supported the position adopted by the Polish Data Protection Authority (DPA) in its decision issued towards Google, Inc.
UK—ICO Issues 50,000 GBP Fine for Unsolicited Calls
The Information Commissioner’s Office has fined home improvement company Amber Windows 50,000 GBP after an investigation discovered they had made unsolicited marketing calls to individuals who had registered with the Telephone Preference Service.
UK—ICO Publishes Plans for 2014-17
The UK Information Commissioner’s Office has published its three-year corporate plan, setting out how it intends to address and tackle the challenges it faces in information regulation.
UK—Disclosure and Barring Service Warned After Collecting Unnecessary Sensitive Data
The UK Information Commissioner’s Office has ruled that the Disclosure and Barring Service breached the Data Protection Act after failing to stop the collection of information about convictions that were no longer required for employment checks.
FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act.
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not-call list.
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing.
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls.
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBP after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker.
Privacy News (March 1, 2007)
Results of a survey sponsored by EpicTide, a provider of security solutions for the healthcare industry, yielded some interesting findings about consumer awareness of medical identity theft and patient safety concerns.
UPDATE: Statutory Review of PIPEDA - Interview By Nymity (March 1, 2007)
The Standing Committee on Access to Information, Privacy and Ethics is currently conducting interviews in preparation for a report to Parliament on changes to Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
IAPP in the News (March 1, 2007)
Harriet Pearson, CIPP, VP of Corporate Affairs & Chief Privacy Officer, IBM Corporation, and an IAPP board member, recently testified before a House subcommittee during a hearing on "Protecting Workers from Genetic Discrimination."
Regulator Chat (March 1, 2007)
The Privacy Advisor Interviews Richard Thomas, the UK's Information Commissioner and a Keynote Speaker at the IAPP Privacy Summit 07, about his Priorities and Accomplishments
Ask the Privacy Expert (March 1, 2007)
In the U.S. there are some statutory and regulatory restrictions on sending promotional messages to cell phones and other wireless devices. (Much of the impetus for regulation arose from the fact that consumers have to pay to receive these messages.)
An Interview with an Expert on India and Outsourcing (March 1, 2007)
Sagi Leizerov, Ph.D., CIPP, is a Senior Manager with Ernst & Young LLP. He helps lead the firm's Privacy Assurance and Advisory Services Practice. Leizerov interviews Mark Kobayashi-Hillary, a London-based advisor, writer and researcher who wrote Outsourcing to India:
Notes from the Executive Director (March 1, 2007)
As part of the IAPP's international commitment, we are proud to announce the launch of our inaugural European delegate tour. While details are still in the works, the delegate tour is a unique opportunity for IAPP members to participate in a series of special events in London, Paris and Berlin. Scheduled for June, the tour is expected to give privacy pros an opportunity to compare notes with our European colleagues in each city during KnowledgeNet meetings, workshops with data protection authorities and networking opportunities.
Enabling Data-Centric Security (March 1, 2007)
Your organization needs to comply with privacy regulations. Your board of directors knows the business needs to protect sensitive information as it moves among business partners, mobile users and your enterprise. Yet security technologies such as encryption are far too complex and far too difficult to deploy on a broad scale.
Merchants Can No Longer Ignore the PCI Data Security Standard (March 1, 2007)
Credit card data is a primary target for identity thieves because it is easily exploited in fraudulent transactions and it is often all-too-accessible. In the absence of a U.S. law that imposes a general obligation on businesses to safeguard credit card information and other sensitive customer data, the credit card associations took matters into their own hands by adopting the Payment Card Industry (PCI) Data Security Standard (DSS) in 2005. In recent months, support for the PCI Data Security Standard appears to be gaining momentum with the issuance of an updated version of the standard.