Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Information Management Tools (April 1, 2008)
IBM's Zurich Research Lab is working on giving users more control over personal information disclosed in Web 2.0 social networking platforms. Funded by the European Union's 7th Framework Programme, The PrimeLife—Privacy and Identity Management in Europe for Life—project also will work on solutions for their to manage their "Web prints," the traces of ourselves that we leave each time we use the Internet.
Laptop Technology (April 1, 2008)
Intel plans to this year release technology that will prevent thieves from getting at data stored on laptop computers, giving IT managers a means of protecting sensitive information in the event a laptop is stolen or misplaced. The company says Intel Anti-Theft Technology will be released in the fourth quarter of this year.
Georgia-Pacific LLC (April 1, 2008)
Georgia-Pacific LLC, one of the world's leading manufacturers of forest and consumer products, is enhancing its global privacy function. Jonathan Soll is now the company's chief privacy officer, responsible for developing and implementing a worldwide privacy program. Soll reports to Tye Darland, senior vice president-law and general counsel.
CDT and HPP (April 1, 2008)
The Center for Democracy & Technology (CDT), a nonprofit public interest organization and the Health Privacy Project (HPP) have merged to help resolve privacy concerns associated with health information technology.
Microsoft Privacy Vendor (April 1, 2008)
Microsoft says its recent acquisition of privacy vendor Credentica is a step toward helping better protect the privacy of users. Credentica's U-Prove technology enables users to reveal only minimal information about themselves while online. During an interview with Network World, Microsoft Identity Architect Kim Cameron said the technology will become part of the base identity infrastructure the company offers, adding that "Good privacy practices will become one of the norms of e-commerce."
Walter Boyd (April 1, 2008)
For the first time in the organization's history, the Florida Department of Revenue (DOR) has a privacy officer. Walter Boyd, CIPP, CIPP/G, joined the department in March. In this role Boyd will set the standards for protecting DOR information. He will also oversee matters concerning the privacy of information gathered and stored by the department, including DOR employees, Florida taxpayers, children and others.
Global Privacy Dispatches- UK- ICO Enforcement Spree (April 1, 2008)
The Information Commissioner's Office (ICO) is not showing any signs of relaxation as far as its reinvigorated enforcement policy is concerned. In recent weeks, the ICO has successfully prosecuted a Manchester debt-recovery firm and two London lawyers for various offences under data protection law. Following thousands of complaints from individuals and businesses to the ICO, ADC Organisation Ltd. plead guilty to six charges under the Privacy and Electronic Communications Regulations and must pay a total of £2,500 in fines and costs.
Global Privacy Dispatches- Netherlands- Fingerprints (April 1, 2008)
In December, the European Commission issued a regulation mandating that, by June 28, 2009, all European Union passports (except passports issued in the UK and Ireland) should include a chip storing the photo and two fingerprints of the passport owner.
Global Privacy Dispatches- France- CNIL Thirty Years (April 1, 2008)
Thirty years ago, the Law of January 6, 1978 on data processing, data files and individual liberties entered into force, giving birth to one of the first data protection authorities in Europe, the Commission Nationale de L'Informatique et des Libertés (CNIL). In celebration, Mr. Alex Türk, current president of the CNIL, took the opportunity to assess the law. He considers it as a robust and creative law, still efficient in protecting the rights of individuals, even if technologies have greatly evolved since its enactment.
Up and Coming Privacy Pros (April 1, 2008)
KPMG awarded five law school students scholarships to attend the 2008 IAPP Privacy Summit in Washington D.C. in March. It proved an opportunity for all. KPMG had a chance to meet potential recruits and hear some new ideas from the next generation of privacy professionals and the law students had a chance to hear from the many different privacy perspectives represented at the conference.
Peter Adler (April 1, 2008)
Data privacy and information security authority M. Peter Adler, CIPP, has joined Pepper Hamilton LLP as a partner. Adler works out of Pepper Hamilton's Washington, D.C. office, helping clients from a range of sectors understand and comply with the many complex laws and regulations surrounding privacy and information security and management.
Global Privacy Dispatches- Canada- Video Surveillance (April 1, 2008)
On March 3, 2008 the Information and Privacy Commissioner of Ontario, Ann Cavoukian, released Privacy Investigation report MC07-68, titled "Privacy and Video Surveillance in Mass Transit Systems: A Special Investigation Report."
Privacy on Exhibit (April 1, 2008)
As an artist, Wendy Richmond works toward a minimal aesthetic. As a writer, cultural criticism. In her recent show at the IAPP's Privacy Summit in Washington, D.C., she merged the two into a simple yet stimulating showcase. For Public Privacy: Wendy Richmond's Surreptitious Cellphone, Richmond rolled out the visual results of three years of people watching, and videotaping, to the delight, vexation, and provocation of conference-goers.
Solove Sounds Off (April 1, 2008)
Daniel Solove of George Washington University discuses blogs, how we have become our own enemies in cyberspace, and his new book, Understanding Privacy, which he hopes will be one of the first clear and accessible articulations of what privacy is and why it is valuable.
Summit Soars to Great Heights (April 1, 2008)
In a vernal twist of fate, Washington D.C.'s famed cherry trees bloomed a week early, just in time to greet 1,400 privacy professionals from all over the world for the annual International Association of Privacy Professionals (IAPP) Privacy Summit at the Renaissance Hotel.
Notes from the Executive Director (April 1, 2008)
You would think I'd be used to it now, but I am always surprised by what I see transpire during the IAPP's primary conferences—and pleasantly so. Our attendee count rises with each successive conference, and forum and plenary discussions continue to blaze trails, not only in our profession but also in the breadth of industries affected by privacy issues. The 2008 Privacy Summit in Washington, D.C. this past March was no exception.
Curing the Chronic Pain of Encryption: Five Common Fallacies (April 1, 2008)
Many security professionals have found legacy encryption frustrating and difficult to implement. This has led to frustration and apathy, with some choosing not to encrypt at all. Modern encryption technology makes this unnecessary, according to Brian Irish. Here he rights what he views as incorrect notions about encryption technology.
Data Protection and Outsourcing: What is All the Fuss About? (April 1, 2008)
In this article, Bridget Treacy and Maureen Cooney examine the significance of data protection when outsourcing and discuss applicable laws and key factors businesses should consider when planning to outsource operations overseas.