Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Global Privacy Dispatches- Canada- Handling Complaints (February 1, 2008)
The Federal Privacy Commissioner in a letter dated January 15, 2008 to Industry Canada responded to its consultations regarding the review of the Personal Information Protection and Elec-tronic Documents Act (PIPEDA) expressing the desire to be able to take a more proactive approach to addressing key and systemic issues through research, public education, and Commissioner initiated complaints and audits. Ongoing lengthy delays in the handling of complaints are stated to consume resources and frustrate efforts to shift focus and deal with major privacy threats resulting from rapidly advancing information technologies affecting society as a whole.
2008 Presidential Candidates Present Contrasts on Privacy (February 1, 2008)
With the 2008 presidential campaigns in full swing, it's time to look at the privacy positions of the remaining candidates as well as the privacy policies on the campaign Web sites. Each of the candidates has a privacy policy on their Web site, but only three — Hillary Clinton, Barack Obama and Ron Paul — have policy positions that specifically address privacy.
Facebook and Truste (February 1, 2008)
TRUSTe and Facebook have announced enhanced disclosures around the Beacon program in the Facebook privacy policy, and unveiled recommended language for new Beacon Web site partners to use in their own privacy policies. As a result of recent changes implemented by Facebook, Beacon now requires an affirmative opt-in and user control over whether activity is made available to friends and networks on Facebook. It also carries a universal opt-out mechanism. These controls meet TRUSTe's requirements regarding third-party data collection and publishing.
Stollenwerk v. Tri-West Health: Rise of the Phoenix? (February 1, 2008)
One of the biggest obstacles for consumer plaintiffs in personal data breach lawsuits has been establishing the “damages” element of a negligence claim, but a landmark case against establishing damages, ironically, could give plaintiff’s attorneys added ammunition. David Navetta examines the case of Stollenwerk v. Tri-West health in this article.
Information Security Survey (February 1, 2008)
The results of Ernst & Young’s 2007 Global Information Security Survey show privacy as an increasingly important driver of corporate information security practices.
Q&A with Summit Keynote Speaker Jeffrey Rosen (February 1, 2008)
In this Privacy Advisor Q&A, Jeffrey Rosen, professor of law at George Washington University, talks about the role of the Supreme Court in the evolution of U.S. privacy law and discusses the issues that will likely frame the legal debate over privacy in the coming years.
Global Privacy Dispatches- UK- Barclays Chairman Identity Fraud (February 1, 2008)
The chairman of Barclays Bank has become a victim of identity fraud after a con man stole £10,000 from his personal account in a credit card scam. Marcus Agius, who took over as Barclays chairman last year, lost the money after a fraudster convinced a call centre worker to issue a credit card in his name.
Global Privacy Dispatches- UK- Protection of Private Data (February 1, 2008)
The Justice Committee of the House of Commons has issued a report titled Protection of Private Data. The report is the result of an inquiry prompted by the November 2007 loss by Revenue and Customs of two CDs containing personal and banking information belonging to all child benefit claimants. The Committee took evidence from Information Commissioner Richard Thomas and David Smith, his deputy, about the case and the issue of protection of personal data held by the government and other agencies.
Global Privacy Dispatches- UK- Carphone Warehouse (February 1, 2008)
The Information Commissioner's Office (ICO) has taken enforcement action against Carphone Warehouse, and its sister company TalkTalk, for breaches of the UK Data Protection Act. The enforcement action followed an investigation into several complaints concerning the way in which both organisations processed and stored personal information.
Global Privacy Dispatches- Spain- New Regulation (February 1, 2008)
In December 2007, the Spanish government approved an important regulation developing the Spanish Data Protection Act of 1999.
Global Privacy Dispatches- Italy- Acceptance of BCR's (February 1, 2008)
Recently, Italy made some changes regarding data export to countries that do not offer adequate protection according to EU standards. On 6 December 2007, the Italian Data Protection Authority (Garante per la protezione dei dati personali) issued a press release announcing that it had officially requested that the Italian Parliament modify the section of the Italian Data Protection Code that referred to the export of data to third countries.
Global Privacy Dispatches- Israel- Communication Data (February 1, 2008)
Law enforcement agencies in Israel have been granted broad access to information held by telecommunication service providers, under legislation aimed at regulating communication data transfer during the course of criminal investigations.
Global Privacy Dispatches- EU- Passenger Name Records (February 1, 2008)
Passenger Name Records (PNR) have proven to be a critical tool to help the Department of Homeland Security (DHS) identify lethal enemies — including those previously unknown — from among the numerous travelers who arrive from overseas. In its agreement from June of 2007, DHS sought to ensure its continued access to this useful information while at the same time safeguarding the privacy of the traveling public. Recently, the EU Parliament (EUP) Legal Services has issued a legal opinion on the 2007 Agreement, at the request of the President of the EUP Commission on Civil Liberties, Justice and Internal Affairs (LIBE).
Global Privacy Dispatches- Czech Republic- Schengen Information System (February 1, 2008)
On 21 December 2007, the Czech Republic joined the Schengen system. Internal border controls were abolished, although controls at international airports will only be cancelled at the end of March 2008.
Personal Health Records (February 1, 2008)
The Health Privacy Project, the California HealthCare Foundation, and a group of corporate leaders recently released Best Practices for Employers Offering Personal Health Records (PHRs). The 10 Best Practices are designed to address companies' concerns about consumer anxiety and regulatory uncertainty.
RFID and Privacy (February 1, 2008)
Ontario Information and Privacy Commissioner Ann Cavoukian, Ph.D., in collaboration with Hewlett Packard (HP) Canada, have released a joint whitepaper, RFID and Privacy: Guidance for Health-Care Providers, which is aimed at cutting through the uncertainty over the potential application of Radio Frequency Identification (RFID) technology in the health sector and the privacy implications of its uses.
Compuware and Ponemon Survey (February 1, 2008)
A survey conducted by Compuware Corporation and the Ponemon Institute showed an overwhelming majority of organizations surveyed risk compromising critical information by using actual customer data for the development and testing of applications.
IAPP in the News (February 1, 2008)
Ross Kerber, a reporter following the TJX data breach story for the The Boston Globe, recently interviewed IAPP Executive Director J. Trevor Hughes. The article focused on TJX's move to create a number of privacy roles to help it contend with privacy issues in the future.
Notes from the Executive Director (February 1, 2008)
It seems like it was just last week that I was shaking hands and greeting the nearly 1,000 privacy professionals who gathered in San Francisco for the Privacy Academy 2007, and here we are, together again, for what is widely regarded as the "must attend"event of the year on the privacy calendar — the IAPP Privacy Summit 2008.
IAPP Privacy Summit 2008 Keynotes Feature Supreme Court Experts, Global Thought Leaders (February 1, 2008)
As excitement builds in Washington over the impact of the 2008 presidential election, the IAPP Privacy Summit 2008 will capture the momentum with analysis and discussion about legislative trends and likely developments in privacy in the coming year. In an enduring commitment to provide attendees with programming focused on global privacy, the IAPP Privacy Summit 2008 also will present sessions on the latest global privacy issues.