Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Global Privacy Dispatches- UK- Pension Records Exposed (December 1, 2007)
Unencrypted data on a CD relating to pension information for 15,000 people disappeared on Nov. 9 while in transit from Her Majesty's Revenue and Customs Service and the financial services company Standard Life. The victims have been notified. The exposed personal data includes surnames and initials, as well as National Insurance numbers, birth dates and pension plan numbers.
Global Privacy Dispatches- UK- RFID Monitoring (December 1, 2007)
Ten students at Hungerhill School in Edenthorpe are having their class attendance monitored by RFID chips embedded in their school badge in a pilot program. The program may be expanded if successful. The manufacturer plans to market the product countrywide. The program has drawn some opposition from civil rights groups.
Global Privacy Dispatches- UK- Poor Security Practices (December 1, 2007)
In a recent survey of 1,200 UK workers, 35 percent said that IT security is the responsibility of the individual user when outside the workplace. Eighteen percent said they share their work password with another person; 32 percent share their work PC with a member of their household; 51 percent access company information from home and 33 percent do the same from public hotspots.
Global Privacy Dispatches- UK- Airline Passengers (December 1, 2007)
Under a proposal by the European Commissioner for Freedom, Security and Justice, airlines or computerized reservation systems would send at least 19 pieces of data on each passenger flying in or out of the EU to data-analysis units set by each EU state. All EU members must approve the proposal before it becomes law. The data includes names, credit card information, and telephone numbers.
Global Privacy Dispatches- UK- Student Activity Photos (December 1, 2007)
Just in time to prevent a ba-humbug holiday, the ICO has released guidance dispelling any confusion about whether family and friends may take pictures of children at school activities. Family and friends invited to school activities such as holiday plays may take pictures and videotape such events under the Domestic Purposes exception (section 36 of the Data Protection Act). The act, however, may apply to pictures taken by school officials for building passes and school prospectuses.
Global Privacy Dispatches- UK- Criminal Conviction Records (December 1, 2007)
The ICO has ordered four police forces to delete old criminal convictions from the Police National Computer (PNC). The ICO is concerned that the old conviction information is held contrary to the principles of the Data Protection Act because the information is no longer relevant and is excessive for policing purposes.
Global Privacy Dispatches- UK- Data Protection Act (December 1, 2007)
The Information Commissioner's Office (ICO) has found the Foreign and Commonwealth Office (FCO) in breach of the Data Protection Act following an investigation into the online application facility for UK visas.
Global Privacy Dispatches- Netherlands- Employee Dismissal (December 1, 2007)
On Sept. 14, the Dutch Supreme Court ruled that the Hyatt Hotel and Casino in Aruba was allowed to instantly dismiss a waitress because of off-duty drug use.
IAPP Privacy Academy 2007 (December 1, 2007)
IAPP Privacy Academy 2007 Opens With a Look at Privacy's Past, Present and Future
Privacy in Israel: Current Status and Recent Developments (December 1, 2007)
As of 1992, the right of privacy in Israel maintains a constitutional status. Section 7 of the Human Dignity and Liberty Basic Law 5752 — 1992 (the basic law) provides that all persons have a right to privacy and to intimacy.
Global Privacy Dispatches- Israel- Email Monitoring (December 1, 2007)
Last July, the District Labor Court of Tel-Aviv ruled that an employer must comply with the provisions of the Israeli Wiretap and Protection of Privacy laws, prior to accessing employee‘s emails.
PERSPECTIVE: Advocate or Adversary: Recruiting's Balancing Act (December 1, 2007)
The myriad issues facing employers working to fill a vacancy and the desires of a prospective employee seeking to find gainful employment rarely match perfectly. At the workplace, budget constraints, personality conflicts, equipment obsolescence, office politics and community shortfalls may give pause to a candidate perfectly suited for an empty position.
Global Privacy Dispatches- Privacy Commissioners Conference (December 1, 2007)
The Privacy Commissioner's Office of Canada hosted the 29th International Conference of Data Protection and Privacy Commissioners in Montreal September 26-28. This international group is composed of national and sub-national representatives, mainly from European and Canadian data protection authorities. Countries such as the U.S. and Japan are permitted to attend as observers.
The Privacy Advisor Interviews Scott Charney of Microsoft (December 1, 2007)
The Privacy Advisor recently interviewed Scott Charney, Corporate Vice President of Microsoft Corp's Trustworthy Computing (TwC) Group about the company's efforts to protect its critical infrastructure, improve its engineering practices, secure its networks, and reach out to the rest of the technology industry on today's most important privacy and security issues.
Lauren Steinfeld (December 1, 2007)
The University of Pennsylvania Office of Audit, Compliance and Privacy announced that it has restructured its leadership in the privacy and compliance functions.
CCTV Privacy Practices (December 1, 2007)
The U.S. Department of Homeland Security Privacy Office has announced that it will hold a public workshop, CCTV: Developing Privacy Best Practices, on December 17-18 at the Hilton Arlington Hotel (Ballston Metro Stop) in Arlington, Virginia.
Global Employee Privacy Law (December 1, 2007)
The Privacy and Data Security Practice Group at Morrison & Foerster, led by practice head Miriam Wugmeister, has authored Employee Privacy: Guide to U.S. and International Law, published in two versions by A S Pratt & Sons and Thompson Publishing.
Global Privacy Dispatches- Argentina- Serradilla v Mendoza (December 1, 2007)
The Supreme Court of Argentina recently ruled that those who facilitate identity theft are liable for losses and emotional distress. In the case, a citizen requested the issuance of a new national identity card (cards which are mandatory in Argentina). The card was lost in the bureaucracy of the federal government and the individual never received it.
VIEWPOINT: RFID Technology for Identity Documents (December 1, 2007)
Neville Pattinson is the Vice President for Government Affairs at Gemalto, Inc. based in Austin, Texas. Pattinson serves as a Board member of the Smart Card Alliance and is Chairman of its Identity Council. He is a founding member of the Secure ID Coalition. Neville presently is serving a 3-year appointment as a Special Government Employee to the Department of Homeland Security's (DHS) "Data Privacy and Integrity Advisory Committee" (DPIAC). As a disclaimer, the article does not reflect the opinion of DHS or the DPIAC Committee.
Moody's Risk Services Corporation Now Offers Vendor Information Risk Ratings (December 1, 2007)
Clare Dever, CIPP, Executive Director of Compliance & Strategic Consulting Services, recently interviewed Edward Leppert, Director of Moody's Risk Services, to learn more about Moody's new Vendor Information Risk (VIR) Ratings.
IAPP in the News (December 1, 2007)
The IAPP has announced that two private sector organizations and one public sector privacy agency are the winners of the HP-IAPP Privacy Innovation Award.
IAPP in the News: Academy Draws Media for Tech Coverage (December 1, 2007)
With its special focus on technology, the IAPP Privacy Academy 2007 drew a number of journalists covering the latest developments in the areas of RFID, online privacy and cybercrime.
Ponemon Institute/Littler Mendelson Study (December 1, 2007)
Workplace Survey on the Privacy Age Gap (April 2007)