Privacy Advisor

Global Privacy Dispatches

POLAND—DPA vs. Google on the Information Security Administrator
The Supreme Administrative Court, in its judgment of 21 February, supported the position adopted by the Polish Data Protection Authority (DPA) in its decision issued to Google, Inc.
UK—ICO Issues 50,000 GBP Fine for Unsolicited Calls
The Information Commissioner’s Office has fined home improvement company Amber Windows 50,000 GBP after an investigation discovered they had made unsolicited marketing calls to individuals who had registered with the Telephone Preference Service.
UK—ICO Publishes Plans for 2014-17
The UK Information Commissioner’s Office has published its three-year corporate plan, setting out how it intends to address and tackle the challenges it faces in information regulation.
UK—Disclosure and Barring Service Warned After Collecting Unnecessary Sensitive Data
The UK Information Commissioner’s Office has ruled that the Disclosure and Barring Service breached the Data Protection Act after failing to stop the collection of information about convictions that were no longer required for employment checks.
FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act.
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not-call list.
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing.
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls.
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBP after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker.
Notes from the Executive Director (March 1, 2008)
You may be reading this column between events while attending the IAPP's annual Privacy Summit at the Renaissance Washington DC Hotel. If so (or if you wish you were), you are doubtless struck by the energy that pervades the U.S. Capitol; when you are here, the world seems abuzz with activity, and that's certainly the case within the privacy community during the Summit.
IAPP Announces New Appointments to the 2008 Board of Directors (March 1, 2008)
The IAPP is pleased to announce the appointment of four new directors to its Board as well as the promotion of directors to serve in new leadership roles. The IAPP Board of Directors now includes privacy leaders from Accenture, Charles Schwab, Goodwin Procter and the U.S. Office of the Director of National Intelligence. They join existing directors from General Electric Company, Google, Highmark Inc., IBM Corp., Information Integrity Solutions, Intel, Kelley Drye Collier Shannon, Marriott International, Microsoft Corp., Nationwide Insurance Companies, The Procter & Gamble Company, Schering-Plough Corp., The Walt Disney Company, Wal-Mart and Zeno Group.
Global Privacy Dispatches- Canada- Privacy Commissioners (March 1, 2008)
Many IAPP members may not realize that Canada has 13 Information and Privacy Commissioners/Ombudsmen (see list below) and that they work together to address privacy issues in Canada. An example of this teamwork is the February 5, 2008 joint resolution regarding enhanced driver's licences (EDL) which outlines the steps that need to be taken to ensure the privacy and security of any Canadian's personal information accessed as part of EDL programs.
ID Theft Liability Protection (March 1, 2008)
Avue Technologies, a provider of human capital technology to the federal government, and LifeLock, a provider of identity theft prevention services, have announced a joint effort to protect federal government agencies from liability for identity theft.
IAPP in the News (March 1, 2008)
Thompson Publishing Group newsletter, Employer's Guide to HIPAA Privacy Requirement, was on hand for the IAPP's Washington, D.C. KnowledgeNet meeting on January 16, and included comments by Kirk Nahra, CIPP, of Wiley Rein LLP, whose presentation at the event was on electronic health records.
KnowledgeNet (March 1, 2008)
On January 16, 2008, the IAPP's Washington, D.C. KnowledgeNet kicked off the calendar year with a discussion on Developments with Healthcare E-Records presented by Kirk Nahra. Nahra, a partner with Wiley Rein whose specialties include healthcare, privacy and information security issues, addressed an audience of more than 50 attendees hosted by the offices of Ernst & Young.
Five Tips for Developing Practical and Effective Information Security Programs (March 1, 2008)
This article outlines five strategies for developing corporate information security programs that meet regulatory obligations and protect sensitive data without imposing unreasonable, costly, or cumbersome requirements on the business units they serve.
Protecting Privacy in Public Private Partnerships: What Government Agencies Should Know (March 1, 2008)
From electricity to parking tickets, Public Private Partnerships (PPPs) account for about a third of the basic services provided in the U.S. PPPs need not comply with the Privacy Act of 1974, nor follow Fair Information Practice Principles (FIPPs). Yet, the success of these programs often depends on public trust. This article identifies data privacy principles government managers should consider when establishing PPPs, and makes specific recommendations for implementing comprehensive privacy standards.
Identity Linkage and Privacy - Part 2 (March 1, 2008)
Karen Lawrence Oqvist continues to explore the concept of an identity linkage between our physical selves and the personal information that is collected about us and that we share, or that is shared on our behalf, knowingly and unknowingly. In this, the second of a two-part article, Lawrence Oqvist focuses on information-collection devices and techniques, and their benefits and dangers.
Global Privacy Dispatches- EU- Data Collection and Storage (March 1, 2008)
The French data protection regulator (CNIL) issued a statement that it will seek an EU-wide resolution addressing the conflicting U.S. and EU legal requirements on the collection, retention and transfer of data in response to litigation holds, pre-trial discovery, U.S. regulator injunctions to retain or transfer data, and the "criminalization of information destruction".
Global Privacy Dispatches- UK- Harcup v ICO (March 1, 2008)
In Harcup v. Information Commissioner and Yorkshire Forward (Information Tribunal) (2008) EA/2007/0058, the Tribunal held that the names of attendees at a town-sponsored event promoting business were not personal information according to the leading UK case, Durant v. FSA [2003] EWCA Civ 1746 (HL). In doing so, the Tribunal chose not to follow the ICO's guidance on what constitutes personal data.
Global Privacy Dispatches- UK- Data Security Law (March 1, 2008)
In January 2008, in response to the loss of the HMRC's data disks (November 2007), the House of Commons Justice Committee published a report titled "Protection of Private Data", which deals with the Information Commissioner's calls for criminal penalties to punish data security breaches. To recap, in December 2007 the Commissioner published a paper titled "the case for amending the Data Protection Act 1998", in which he proposed the introduction of a new criminal offence of failing to comply with the data protection principles.
Global Privacy Dispatches- Intellectual Property Rights (March 1, 2008)
This case landed on the ECJ following a referral from a Spanish national court. This is a common procedure for cases where EU national courts deal with cases that involve European law principles that may be subject to different interpretations. When this happens, national judges normally prefer to ask the ECJ to take a view on the relevant European law principle so that the outcome is consistent with what the European legislation originally intended.
Global Privacy Dispatches- Netherlands- Hotel Identification Documents (March 1, 2008)
In response to questions by the U.S. embassy in The Hague, the Dutch Data Protection Authority (DDPA) has informed the Dutch association of hotelkeepers that its members are not allowed to make copies of their guests' identification documents.
Privacy Commissioner of Canada (March 1, 2008)
The Office of the Privacy Commissioner announced recently that up to half a million dollars in funding will be available to aid research into privacy issues and encourage the advancement of privacy rights under the Privacy Commissioner of Canada's Contributions Program.
Identity Theft Assistance Center (March 1, 2008)
The Identity Theft Assistance Center (ITAC) recently announced the election of new officers for 2008.
Compuware (March 1, 2008)
To better address mainframe data and application security issues with internal, authorized users, Compuware Corporation recently announced enhancements to the company's Application Auditing solution. This new release contains an expanded Web interface designed for use by forensic investigations.
IT Security (March 1, 2008)
The National Association of State Chief Information Officers (NASCIO) has released a new video, At Risk! Securing Government in a Digital World. A product of NASCIO's Security and Privacy Committee and IT Security Video Work Group, the video is designed to assist state CIOs in communicating the important message about why securing government technology is a critical concern in the digital world.
Most Trusted Companies 2007 (March 1, 2008)
TRUSTe, in conjunction with the Ponemon Institute, named HP, Intuit Inc. and AOL as the Most Trusted Companies for Privacy for 2007. The winners were announced on January 29 in Washington, D.C. at the Congressional Internet Caucus faculty reception.