Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Career Corner (May 1, 2007)
For organizations large and small, effective privacy and data security management are crucial elements to a healthy business. As all privacy practitioners know, a breakdown in privacy and security controls can damage seriously an organization's reputation with clients, employees and partners. The time and money spent by organizations faced with remediating a privacy breach has amounted to millions of dollars in legal, operational and PR expenses.
Privacy News (May 1, 2007)
Debix, the Identity Protection Network, is warning corporate executives to be aware of identity theft specifically targeted to them.
Web Watch (May 1, 2007)
Michael Weider, CTO of Watchfire, explains the top 10 Web application attacks financial services organizations need to be aware of.
IAPP In the News (May 1, 2007)
The IAPP Board of Directors now includes privacy leaders from Google Inc., Information Integrity Solutions Pty. Ltd., Kelley Drye & Warren and the U.S. Department of Justice. They join existing directors from General Electric Company, Hewitt Associates, Highmark Inc., IBM Corp., Intel, Intuit, Marriott International, Microsoft Corp., Nationwide Insurance Companies, Pfizer Inc., Procter & Gamble, Schering-Plough Corp., the University of Pennsylvania, Walt Disney Company, Wal-Mart, Wiley Rein LLP and Zeno Group.
Experts Explore Impact of New Federal Pretexting Law During IAPP Audio Conference (May 1, 2007)
The Federal Trade Commission (FTC) promises to continue its aggressive enforcement of deceptive and unlawful efforts to obtain consumers' private telephone records, according to an agency official.
A How-To Guide to Information Security Breaches (May 1, 2007)
Contrary to what the headlines suggest, information security breaches are not a new phenomena. What is new is that we are hearing about them in record numbers. While consumers are newly focused on information security due to the emergence of e-commerce, the reason security breaches now seem ubiquitous is a result of the development of a body of state laws requiring companies to notify affected individuals in the event of a breach.
The Debate Over Computerized Health Record Privacy Shifts Toward Privacy Protections (May 1, 2007)
After a 3-year investment to achieve President Bush's mandate to create a national e-medical records system, the focus of the computerized health records discussions in Washington has shifted to privacy protections.
Notes from the Executive Director (May 1, 2007)
After nearly a year of work, the President's Identity Theft Task Force recently issued its comprehensive strategic plan for the government's coordinated approach to fight identity theft. The report documents the challenges that privacy professionals grapple with everyday - whether they work in the public or private sectors.
Defensible Process vs. Tactical Defense (May 1, 2007)
The history of risk management and compliance in the financial services industry offers examples of companies that responded to certain risks in purely tactical ways. In many of these cases, the results were difficult for everyone - consumers were hurt, investors incurred losses, corporations lost brand equity and employees lost opportunities - and sometimes their jobs.
N.H. Pharma Law May Set Precedent for Other States (May 1, 2007)
New Hampshire has become the unlikely front in the latest battle between the pharmaceutical industry and privacy advocates. In June 2006, New Hampshire passed its "Prescription Confidentiality Act," which bars the license, transfer, use or sale for any commercial purpose of patient-identifiable or prescriber-identifiable information.