Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
IAPP in the News (October 1, 2007)
As companies collaborate and share information across borders and devices, personal data becomes more valuable to businesses and criminals alike, resulting in security threats with much greater impact to lives of users and businesses, according to Scott Charney, Corporate Vice President of Microsoft's Trustworthy Computing Group.
Privacy News (October 1, 2007)
The Australian Law Reform Commission (ALRC) has released a blueprint with 301 proposals for overhauling Australia's complex and costly privacy laws and practices.
Global Privacy Dispatches (October 1, 2007)
The Czech Data Protection Office recently warned against the excessive use of cameras. The operation of cameras falls within the scope of the Czech data protection law if images and/or sounds are recorded, and if such recordings are used for identifying individuals.
VIEWPOINT: Privacy Laws Do Not Stand in the Way of Public Safety (October 1, 2007)
In its struggle to make sense of a senseless tragedy, the panel considered many issues. One was communication, and how university officials failed to communicate both with each other and with the parents of the killer prior to the massacre. Officials attributed this failure to their interpretation of the privacy laws they are bound by; they felt that those laws prohibited them from sharing much-needed information.
VIEWPOINT: New Wave of Class Action Privacy Litigation Loses Some of Its Momentum (October 1, 2007)
In a ruling that has the potential effect of nullifying a Web site's privacy policy and rewriting the e-discovery rules for litigation, a federal court has ordered Web site owners to capture in audit logs and produce information about users who had searched for or downloaded certain software.
VIEWPOINT: Healthcare Information Organizations vs. New Hampshire: Striking the Appropriate Balance (October 1, 2007)
Protecting certain consumer information obviously is an important and legitimate function of government. But at the same time, our democratic society also requires that other types of information remain accessible to the public, and that people have the right to share ideas freely and openly.
Notes From the Executive Director (October 1, 2007)
Last month, IAPP membership soared beyond 4,000 members - a milestone as we prepare this month to host more than 800 privacy pros during the IAPP Privacy Academy 2007 in San Francisco. As the IAPP establishes itself as the leading association for privacy professionals globally, our membership continues to experience phenomenal growth. By the end of this year, the IAPP will have experienced a 41 percent growth rate over the previous year.
New Wave of Class Action Privacy Litigation Loses Some of Its Momentum (October 1, 2007)
A wave of class action privacy litigation recently reached tsunami-like proportions but now appears to be losing some of its momentum. These suits allege violations of the Fair and Accurate Credit Transactions Act (the FACT Act) because a non-truncated credit or debit card number and/or an expiration date appears on a printed receipt. Since December 2006, more than 200 such class actions have targeted the gamut of national chain operations - including, for example, retailers, hoteliers and restaurateurs - which rely heavily on credit and debit card transactions with consumers.
Lessons Learned From Recent Privacy Litigation (October 1, 2007)
Privacy and security litigation remains an area of intense interest. A wide variety of high-profile security breaches has focused attention on the risks associated with the use, disclosure and maintenance of personal information by entities in essentially all industries. New laws continue to emerge, at both the state and federal level. Yet, there has been a relatively modest amount of privacy and security litigation, and no breakthrough decision that heralds a new era of litigation risks for companies that use and disclose personal information. What can we learn from the recent past on privacy and security litigation?