Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Privacy News (September 1, 2007)
The Information Commissioner's Office (ICO) is launching a consultation on its new Data Protection Strategy, which sets out how the ICO intends to achieve its task of minimizing data protection risk. The strategy is concerned with maximizing the ICO's long-term effectiveness in bringing about good practice. It explains how the ICO will focus its data protection resources where there is the greatest risk of harm through improper use of personal information.
Ask the Privacy Expert (September 1, 2007)
Internal investigations have become an integral part of managing an organization as employers confront an increasingly wide range of employee misconduct. Because investigators often surreptitiously collect information which the target considers private and the results of which can ruin a career, internal investigations can expose an employer to civil, and even criminal, liability as well as bad publicity. What are some of the steps which can be taken to reduce an organization's exposure?
Notes From the Executive Director (September 1, 2007)
While the U.S. Congress has yet to take action this year to adopt a California-style security breach notification law, the state's ground-breaking statute is making a significant global impact as the UK, Australia, New Zealand and Canada mull notification mandates similar to SB-1386.
New Liability Under State Law Stresses Need for Strong Data Security for Payment Card Data (September 1, 2007)
Merchants striving to comply with the Payment Card Industry Data Security Standards (PCI DSS) now have additional reason to focus on the security of payment card data. In late May, Minnesota became the first state to hold merchants strictly liable for costs incurred by financial institutions who assist consumers following the discovery of a security breach.
Global Privacy Dispatches (September 1, 2007)
Biometric data of foreigners entering Australia will be stored in a central repository for identification, verification and cross-checking by departments of the Australia Government. The Department of Immigration and Citizenship (DIAC) is expected to provide a single source of identification for all DIAC clients. The 3-year management strategy is covered under the Migration Legislation Amendment (Identification and Authentication) Act of 2004 and will employ facial, iris scanning and fingerprinting for foreigners entering Australia. DIAC reports that identify fraud cost Australia about $1 billion per year.
National Research Council Report Discusses Possible Future of Privacy Regulation in the U.S. (September 1, 2007)
The prestigious National Research Council (NRC) recently issued a comprehensive report on privacy and technology in the digital age. In addition to providing a very thoughtful and detailed overview of privacy, the report outlines the need for a national privacy commissioner or standing privacy commission to provide ongoing and periodic assessments of privacy developments.
¡Viva La Privacidad! (September 1, 2007)
With so much data privacy activity focused on the United States, the European Union (EU) and Asia, it's easy to overlook our neighbors to the south — Latin America. Ironically, the region has some of the most unique and diverse privacy laws in the world, along with a growing need for more.
Electronically Stored Information in Litigation (September 1, 2007)
During the past two decades, privacy professionals have witnessed technological changes in the way business records are created, maintained and regulated, requiring adaptations to their privacy management practices. During that time, parties to litigation and the courts have wrestled with the issues surrounding electronic documents.
VIEWPOINT: The Healthcare Privacy Debate Heats Up (September 1, 2007)
While Congress and many others continue to discuss the appropriateness of the current enforcement approach to healthcare privacy, a broader debate is developing as to whether the existing privacy rules are reasonable and effective in today's evolving healthcare information environment. Several key recent developments are making this debate more interesting and more active — leading to the realistic possibility that we may see new privacy rules for the healthcare industry (and the many others who use healthcare information) in the near future.
IAPP in the News (September 1, 2007)
One of the world's preeminent futurists, Paul Saffo, author and information architect, Alex Wright, and Scott Charney, Corporate Vice President of Microsoft's Trustworthy Computing Group, will deliver keynotes at the IAPP Privacy Academy 2007, Oct. 22-24, in San Francisco.
KnowledgeNet (September 1, 2007)
Don Gemberling, the former Director of the Information Policy Analysis, Division of the State of Minnesota Department of Administration, made a presentation to the Twin Cities KnowledgeNet on July 18 at the Ernst & Young offices in Minneapolis. Before his retirement in 2005, Gemberling was often introduced as the "world's oldest living privacy bureaucrat" because of his work with the development and administration of the Minnesota Government Data Practices Act, the nation's first combined fair information practices and freedom of information statute.