Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Privacy News (June 1, 2007)
Paula J. Bruening has been appointed Deputy Executive Director for The Center for Information Policy Leadership and Senior Policy Advisor at Hunton & Williams LLP. Bruening joins the firm after having served as counsel at the Center for Democracy & Technology, a nonprofit public interest organization, where she focused on cyber-privacy issues.
Ask the Privacy Expert (June 1, 2007)
A reader last month submitted the following question to Ask the Privacy Expert:
New Faces at the IAPP (June 1, 2007)
The IAPP is pleased to welcome two new staff members.
IAPP in the News (June 1, 2007)
Acuity Mobile, a provider of targeted mobile content delivery technology, recently announced the addition of Alan Chapell, CIPP, as a new board member and executive advisor. Chapell will advise Acuity Mobile on the latest issues surrounding the Chapell is widely recognized as an industry leader on issues of privacy in mobile ecosystems and interactive media.
Global Privacy Dispatches (June 1, 2007)
The much-anticipated report of the Parliamentary Committee that conducted the statutory 5-year review of Canada's privacy law - the Personal Information Protection and Electronic Documents Act (PIPEDA) - was tabled recently in the House of Commons.
Notes from the Executive Director (June 1, 2007)
In May, the list of security breaches continued to grow with new entries for lost and stolen laptops and tapes containing sensitive data. We also learned new details of the financial damage facing TJX Cos., a price tag that already has cost the company $25 million, with no end in sight. The legal fallout continues to take shape for TJX, which is faced with multiple class action lawsuits and investigations by regulators. It seems obvious that companies would have learned - either by the excruciating example of others or their own data security blunders - that breach prevention is a wise up-front investment.
TK Maxx Data Theft - Views from the UK (June 1, 2007)
In January this year, news broke of a massive credit- and payment- card data theft from TK Maxx (the UK division of TJ Maxx). TJX, the parent company, said that the theft occurred in May 2006, but it did not discover this until December 2006. In an updated announcement in February, it said the theft might have occurred in July 2005, but in papers filed with the U.S. Securities and Exchange Commission in March, it clarified that 45.6 million credit and debit card numbers were stolen over 18 months.
White House ID Theft Task Force Releases Strategic Plan: What Do Businesses Need to Know? (June 1, 2007)
On April 23, 2007, the President's Identity Theft Task Force, led by the Attorney General and the Chair of the Federal Trade Commission (FTC), released a report that describes a coordinated strategic plan to reduce injuries from identity theft and take more aggressive action against identity thieves.