Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
POLAND—DPA vs. Google on the Information Security Administrator
The Supreme Administrative Court, in its judgment of 21 February, supported the position adopted by the Polish Data Protection Authority (DPA) in its decision issued towards Google, Inc.
UK—ICO Issues 50,000 GBP Fine for Unsolicited Calls
The Information Commissioner’s Office has fined home improvement company Amber Windows 50,000 GBP after an investigation discovered they had made unsolicited marketing calls to individuals who had registered with the Telephone Preference Service.
UK—ICO Publishes Plans for 2014-17
The UK Information Commissioner’s Office has published its three-year corporate plan, setting out how it intends to address and tackle the challenges it faces in information regulation.
UK—Disclosure and Barring Service Warned After Collecting Unnecessary Sensitive Data
The UK Information Commissioner’s Office has ruled that the Disclosure and Barring Service breached the Data Protection Act after failing to stop the collection of information about convictions that were no longer required for employment checks.
FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act.
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list.
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing.
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls.
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker.
Data Security Event (May 1, 2008)
Privacy and legal professionals from various disciplines gathered in Chicago on April 15 for a free one day workshop on "Protecting Personal Information: Best Practices for Business." From left: John Jensen, CIPP, Officer of the Senior VP for Health Services at the University of Minnesota's Academic Health Center, Justine Gottshall , CIPP, of Wildman Harrold, and Judy Macior, CIPP/G, CIPP/C, of Experian.
David Fowler (May 1, 2008)
IAPP member David Fowler has joined Chicago-based enterprise marketing platform provider Alterian as that company's Vice President of Deliverability and Privacy. Formerly, Fowler served as Global Vice President of Deliverability & Privacy Services at BlueHornet.
Australian Privacy Awards (May 1, 2008)
The Australian Privacy Commissioner is accepting nominations for the inaugural Australian Privacy Awards and Australian Privacy Medal. The awards aim to recognise businesses, government agencies and nonprofit organizations who have demonstrated an outstanding commitment in the field of privacy. The Privacy Medal will acknowledge an individual who has gone above and beyond in advancing privacy in Australia. Winners will be announced at a gala event in August.
HITSP Board of Directors (May 1, 2008)
Donald Bechtel, chief privacy officer of Siemens' Healthcare Data Exchange, was re-elected to the Board of Directors of the Healthcare Information Technology Standards Panel (HITSP).
Texas Identity Theft (May 1, 2008)
As part of an ongoing effort to prevent identity theft in the state, the Texas Attorney General has launched a Web site to help citizens avoid becoming victims of what has become the fastest growing white-collar crime in the nation. Texas ranks second in the nation for the number of ID theft complaints.
Proskauer Rose LLP (May 1, 2008)
IAPP member Kristen Mathews, CIPP, has joined Proskauer Rose LLP's New York office. Mathews specializes in technology, e-commerce and media-related transactions and advice, with concentrations in the areas of data privacy, data security, direct marketing and online advertising. Mathews is part of Proskauer's Privacy and Data Security and Technology, Media & Communications Practice Groups. She advises clients on responding to data security breaches, preparing privacy and data security policies, payment card data security and other technology areas.
Global Privacy Dispatches- UK (May 1, 2008)
Skipton Financial Services has signed an undertaking requiring it to encrypt personal data stored on laptops after a laptop containing the financial details of 14,000 customers was stolen from a contractor. The laptop contained names, dates of birth, national insurance numbers and investment amounts. This is the latest Information Commissioner Office (ICO) action pushing encryption of personal data on laptops.
Global Privacy Dispatches- UK- Information Commissioner Set Back (May 1, 2008)
The UK Information Commissioner has suffered a severe setback in his long-running campaign to see the introduction of custodial penalties for "data theft" contrary to section 55 of the Data Protection Act 1998. Earlier this month the UK Parliament suspended the operation of an amendment to section 55 that would have introduced custodial penalties, following highly effective lobbying by the UK press and media.
Global Privacy Dispatches- Israel- Privacy Bills (May 1, 2008)
Two new bills were recently introduced by the Israeli government: the Electronic Commerce Law and the Communications Law (Amendment No. 33). The two bills encompass privacy-enhancing provisions and target two issues long needed to be enacted—prohibition on spam and online anonymity.
Global Privacy Dispatches- France- Cybermonitoring (May 1, 2008)
A frequent visitor of a public library has brought an appeal against a decision to temporary expel him for having used the Internet facilities of the library to access porn sites. He claimed that he had not been given proper notice of controls of connections. The library's internal regulation specified a clear prohibition to access porn sites and provided that the library's staff was in charge of the implementation of these rules.
Global Privacy Dispatches- France- CHSCT (May 1, 2008)
AGME (Association pour la Gestion du Groupe Mornay Europe) employs 2,300 individuals and had planned to implement a project of performance evaluation based on interviews with employees. The employer presented the project to the works council, which objected that the project must also notify the CHSCT (Committee for Hygiene, Safety and Work Conditions) and to the CNIL (French Data Protection Authority).
Global Privacy Dispatches- France- Digital Economy (May 1, 2008)
The Commission of Economic Affairs of the National Assembly is working on a report to analyze the impact of this Law of June 21, 2004. According to La Gazette du Net, a pre-draft, not-yet-final, criticizing some court decisions (Tiscali, MySpace) would insist on maintaining the distinction between hosts and publishers.
Global Privacy Dispatches- France- Online Videogames (May 1, 2008)
The "Forum des droits de l'Internet," a recognized observatory of Internet practices, has published practical guidance intended for junior users of online video games, their parents and games publishers.
Global Privacy Dispatches- France- Note2be (May 1, 2008)
"Take the power, grade your teacher" is the claim of Internet site www.Note2be.com, which gave students the opportunity to grade their teachers and professors online. The site published the names of teachers or professors, the subject taught, the school or college where they practiced and the average grade given to them by Internet users, including a "Top 10" list.
California Privacy Officer (May 1, 2008)
California Governor Schwarzenegger appointed Mark Weatherford executive officer for the Office of Information Security and Privacy Protection in April. Weatherford joins the Governor's office after serving as chief information security officer for the state of Colorado since 2005. He held an information assurance management position with Raytheon Company before that.
Global Privacy Dispatches- Canada- GAPP (May 1, 2008)
In a special investigation report, "Privacy and Video Surveillance in Mass Transit System," published March 3, the Information and Privacy Commissioner of Ontario made several recommendations to the Toronto Transit Commission (TTC) regarding its deployment of video surveillance cameras. Prompting this investigation report was a complaint received from UK-based Privacy International relating to the use of video surveillance cameras throughout the city's mass transit system.
Notes from the Executive Director (May 1, 2008)
Springtime at 43 degrees north finds Canadians shedding their parkas and squeezing every last ray of sunlight possible from the day. That's what we found at the IAPP's first-ever Canadian Privacy Summit in Toronto May 21-23, where hundreds of lively Canadian privacy pros gathered to learn, network and become privacy certified.
An Introduction to Privacy Enhancing Technologies (May 1, 2008)
As global data protection laws tighten, some organizations are making greater use of automated privacy controls, or privacy enhancing technologies (PETs), to manage data protection. In this article, Steve Kenny, former PET expert for the European Commission and the Dutch data protection authority, introduces various PETs and explains how they can contribute to the management of privacy risk.
The Privacy Challenges of U.S. Fusion Centers (May 1, 2008)
The role of U.S. fusion centers in facilitating the collection and sharing of information among government agencies has expanded and evolved significantly since 9/11. According to one Department of Homeland Security (DHS) official, addressing privacy issues at the fusion centers will be a continuous process with “no finish line.” In this article, Rebecca Andino, CIPP/G, breaks down the issues.
Avoiding the Dumpster Spotlight (May 1, 2008)
In addition to laws that require security in the collection, handling, and processing of personal information, there are those that focus on the disposal and destruction of personal data. Running afoul of these laws can bring injunctions, ongoing auditing requirements, fines, and even criminal sanctions. In this article, attorney Luis Salazar and privacy experts Elise Berkower and Greg Dean offer businesses a specific strategy for compliance.