Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
Notes from the Executive Director (March 1, 2008)
You may be reading this column between events while attending the IAPP's annual Privacy Summit at the Renaissance Washington DC Hotel. If so (or if you wish you were), you are doubtless struck by the energy that pervades the U.S. Capitol; when you are here, the world seems abuzz with activity, and that's certainly the case within the privacy community during the Summit.
IAPP Announces New Appointments to the 2008 Board of Directors (March 1, 2008)
The IAPP is pleased to announce the appointment of four new directors to its Board as well as the promotion of directors to serve in new leadership roles. The IAPP Board of Directors now includes privacy leaders from Accenture, Charles Schwab, Goodwin Procter and the U.S. Office of the Director of National Intelligence. They join existing directors from General Electric Company, Google, Highmark Inc., IBM Corp., Information Integrity Solutions, Intel, Kelley Drye Collier Shannon, Marriott International, Microsoft Corp., Nationwide Insurance Companies, The Procter & Gamble Company, Schering-Plough Corp., The Walt Disney Company, Wal-Mart and Zeno Group.
Global Privacy Dispatches- Canada- Privacy Commissioners (March 1, 2008)
Many IAPP members may not realize that Canada has 13 Information and Privacy Commissioners/ Ombudsmen (see list below) and that they work together to address privacy issues in Canada. An example of this teamwork is the February 5, 2008 joint resolution regarding enhanced driver's licences (EDL) which outlines the steps that need to be taken to ensure the privacy and security of any Canadian's personal information accessed as part of EDL programs.
ID Theft Liability Protection (March 1, 2008)
Avue Technologies, a provider of human capital technology to the federal government, and LifeLock, a provider of identity theft prevention services, have announced a joint effort to protect federal government agencies from liability for identity theft.
IAPP in the News (March 1, 2008)
Thompson Publishing Group newsletter, Employer's Guide to HIPAA Privacy Requirement, was on hand for the IAPP's Washington, D.C. KnowledgeNet meeting on January 16, and included comments by Kirk Nahra, CIPP, of Wiley Rein LLP, whose presentation at the event was on electronic health records.
KnowledgeNet (March 1, 2008)
On January 16, 2008, the IAPP's Washington, D.C. KnowledgeNet kicked off the calendar year with a discussion on Developments with Healthcare E-Records presented by Kirk Nahra. Nahra, a partner with Wiley Rein whose specialties include healthcare, privacy and information security issues, addressed an audience of more than 50 attendees hosted by the offices of Ernst & Young.
Protecting Privacy in Public Private Partnerships: What Government Agencies Should Know (March 1, 2008)
From electricity to parking tickets, Public Private Partnerships (PPPs) account for about a third of the basic services provided in the U.S. PPPs need not comply with Privacy Act of 1974, nor follow Fair Information Practice Principles (FIPPs). Yet, the success of these programs often depends on public trust. This article identifies data privacy principles government managers should consider when establishing PPPs, and makes specific recommendations for implementing comprehensive privacy standards.
Identity Linkage and Privacy - Part 2 (March 1, 2008)
Karen Lawrence Oqvist continues to explore the concept of an identity linkage between our physical selves and the personal information that is collected about us and that we share, or that is shared on our behalf, knowingly and unknowingly. In this, the second of a two-part article, Lawrence Oqvist focuses on information-collection devices and techniques, and their benefits and dangers.
Global Privacy Dispatches- EU- Data Collection and Storage (March 1, 2008)
The French data protection regulator (CNIL) issued a statement that it will seek an EU-wide resolution addressing the conflicting U.S. and EU legal requirements on the collection, retention and transfer of data in response to litigation holds, pre-trial discovery, U.S. regulator injunctions to retain or transfer data, and the "criminalization of information destruction".
Global Privacy Dispatches- UK- Harcup v ICO (March 1, 2008)
In Harcup v. Infor-mation Commissioner and Yorkshire Forward (Information Tribunal) (2008) EA/2007/0058, the Tribunal held that the names of attendees at a town sponsored event promoting business was not personal information according to the leading UK case, Durant v. FSA  EWCA Civ 1746 (HL). In doing so, the Tribunal chose not to follow the ICO's guidance on what constitutes personal data.
Global Privacy Dispatches- UK- Data Security Law (March 1, 2008)
In January 2008, in response to the loss of the HMRC's data disks (November 2007), the House of Commons Justice Committee published a report titled "Protection of Private Data", which deals with the Information Commissioner's calls for criminal penalties to punish data security breaches. To recap, in December 2007 the Commissioner published a paper titled "the case for amending the Data Protection Act 1998", in which he proposed the introduction of a new criminal offence of failing to comply with the data protection principles.
Global Privacy Dispatches- Intellectual Property Rights (March 1, 2008)
This case landed on the ECJ following a referral from a Spanish national court. This is a common procedure for cases where EU national courts deal with cases that involve European law principles that may be subject to different interpretations. When this happens, national judges normally prefer to ask the ECJ to take a view on the relevant European law principle so that the outcome is consistent with what the European legislation originally intended.
Privacy Commissioner of Canada (March 1, 2008)
The Office of the Privacy Commissioner announced recently that up to half a million dollars in funding will be available to aid research into privacy issues and encourage the advancement of privacy rights under the Privacy Commissioner of Canada's Contributions Program.
Compuware (March 1, 2008)
To better address mainframe data and application security issues with internal, authorized users, Compuware Corporation recently announced enhancements to the company's Application Auditing solution. This new release contains an expanded Web interface designed for use by forensic investigations.
IT Security (March 1, 2008)
The National Association of State Chief Information Officers (NASCIO) has released a new video, At Risk! Securing Government in a Digital World. A product of NASCIO's Security and Privacy Committee and IT Security Video Work Group, the video is designed to assist state CIOs in communicating the important message about why securing government technology is a critical concern in the digital world.
Most Trusted Companies 2007 (March 1, 2008)
TRUSTe, in conjunction with the Ponemon Institute, named HP, Intuit Inc. and AOL as the Most Trusted Companies for Privacy for 2007. The winners were announced on January 29 in Washington, D.C. at the Congressional Internet Caucus faculty reception.