Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
Data Security Event (May 1, 2008)
Privacy and legal professionals from various disciplines gathered in Chicago on April 15 for a free one day workshop on "Protecting Personal Information: Best Practices for Business." From left: John Jensen, CIPP, Officer of the Senior VP for Health Services at the University of Minnesota's Academic Health Center, Justine Gottshall , CIPP, of Wildman Harrold, and Judy Macior, CIPP/G, CIPP/C, of Experian.
David Fowler (May 1, 2008)
IAPP member David Fowler has joined Chicago-based enterprise marketing platform provider Alterian as that company's Vice President of Deliverability and Privacy. Formerly, Fowler served as Global Vice President of Deliverability & Privacy Services at BlueHornet.
Australian Privacy Awards (May 1, 2008)
The Australian Privacy Commissioner is accepting nominations for the inaugural Australian Privacy Awards and Australian Privacy Medal. The awards aim to recognise businesses, government agencies and nonprofit organizations who have demonstrated an outstanding commitment in the field of privacy. The Privacy Medal will acknowledge an individual who has gone above and beyond in advancing privacy in Australia. Winners will be announced at a gala event in August.
HITSP Board of Directors (May 1, 2008)
Donald Bechtel, chief privacy officer of Siemens' Healthcare Data Exchange, was re-elected to the Board of Directors of the Healthcare Information Technology Standards Panel (HITSP).
Texas Identity Theft (May 1, 2008)
As part of an ongoing effort to prevent identity theft in the state, the Texas Attorney General has launched a Web site to help citizens avoid becoming victims of what has become the fastest growing white-collar crime in the nation. Texas ranks second in the nation for the number of ID theft complaints.
Proskauer Rose LLP (May 1, 2008)
IAPP member Kristen Mathews, CIPP, has joined Proskauer Rose LLP's New York office. Mathews specializes in technology, e-commerce and media-related transactions and advice, with concentrations in the areas of data privacy, data security, direct marketing and online advertising. Mathews is part of Proskauer's Privacy and Data Security and Technology, Media & Communications Practice Groups. She advises clients on responding to data security breaches, preparing privacy and data security policies, payment card data security and other technology areas.
Global Privacy Dispatches- UK (May 1, 2008)
Skipton Financial Services has signed an undertaking requiring it to encrypt personal data stored on laptops after a laptop containing the financial details of 14,000 customers was stolen from a contractor. The laptop contained names, dates of birth, national insurance numbers and investment amounts. This is the latest Information Commissioner Office (ICO) action pushing encryption of personal data on laptops.
Global Privacy Dispatches- UK- Information Commissioner Set Back (May 1, 2008)
The UK Information Commissioner has suffered a severe setback in his long-running campaign to see the introduction of custodial penalties for "data theft" contrary to section 55 of the Data Protection Act 1998. Earlier this month the UK Parliament suspended the operation of an amendment to section 55 that would have introduced custodial penalties, following highly effective lobbying by the UK press and media.
Global Privacy Dispatches- Israel- Privacy Bills (May 1, 2008)
Two new bills were recently introduced by the Israeli government: the Electronic Commerce Law and the Communications Law (Amendment No. 33). The two bills encompass privacy-enhancing provisions and target two issues long needed to be enacted—prohibition on spam and online anonymity.
Global Privacy Dispatches- France- Cybermonitoring (May 1, 2008)
A frequent visitor of a public library has brought an appeal against a decision to temporary expel him for having used the Internet facilities of the library to access porn sites. He claimed that he had not been given proper notice of controls of connections. The library's internal regulation specified a clear prohibition to access porn sites and provided that the library's staff was in charge of the implementation of these rules.
Global Privacy Dispatches- France- CHSCT (May 1, 2008)
AGME (Association pour la Gestion du Groupe Mornay Europe) employs 2,300 individuals and had planned to implement a project of performance evaluation based on interviews with employees. The employer presented the project to the works council, which objected that the project must also notify the CHSCT (Committee for Hygiene, Safety and Work Conditions) and to the CNIL (French Data Protection Authority).
Global Privacy Dispatches- France- Digital Economy (May 1, 2008)
The Commission of Economic Affairs of the National Assembly is working on a report to analyze the impact of this Law of June 21, 2004. According to La Gazette du Net, a pre-draft, not-yet-final, criticizing some court decisions (Tiscali, MySpace) would insist on maintaining the distinction between hosts and publishers.
Global Privacy Dispatches- France- Online Videogames (May 1, 2008)
The "Forum des droits de l'Internet," a recognized observatory of Internet practices, has published practical guidance intended for junior users of online video games, their parents and games publishers.
Global Privacy Dispatches- France- Note2be (May 1, 2008)
"Take the power, grade your teacher" is the claim of Internet site www.Note2be.com, which gave students the opportunity to grade their teachers and professors online. The site published the names of teachers or professors, the subject taught, the school or college where they practiced and the average grade given to them by Internet users, including a "Top 10" list.
California Privacy Officer (May 1, 2008)
California Governor Schwarzenegger appointed Mark Weatherford executive officer for the Office of Information Security and Privacy Protection in April. Weatherford joins the Governor's office after serving as chief information security officer for the state of Colorado since 2005. He held an information assurance management position with Raytheon Company before that.
Global Privacy Dispatches- Canada- GAPP (May 1, 2008)
In a special investigation report, "Privacy and Video Surveillance in Mass Transit System," published March 3, the Information and Privacy Commissioner of Ontario made several recommendations to the Toronto Transit Commission (TTC) regarding its deployment of video surveillance cameras. Prompting this investigation report was a complaint received from UK-based Privacy International relating to the use of video surveillance cameras throughout the city's mass transit system.
Notes from the Executive Director (May 1, 2008)
Springtime at 43 degrees north finds Canadians shedding their parkas and squeezing every last ray of sunlight possible from the day. That's what we found at the IAPP's first-ever Canadian Privacy Summit in Toronto May 21-23, where hundreds of lively Canadian privacy pros gathered to learn, network and become privacy certified.
An Introduction to Privacy Enhancing Technologies (May 1, 2008)
As global data protection laws tighten, some organizations are making greater use of automated privacy controls, or privacy enhancing technologies (PETs), to manage data protection. In this article, Steve Kenny, former PET expert for the European Commission and the Dutch data protection authority, introduces various PETs and explains how they can contribute to the management of privacy risk.
The Privacy Challenges of U.S. Fusion Centers (May 1, 2008)
The role of U.S. fusion centers in facilitating the collection and sharing of information among government agencies has expanded and evolved significantly since 9/11. According to one Department of Homeland Security (DHS) official, addressing privacy issues at the fusion centers will be a continuous process with “no finish line.” In this article, Rebecca Andino, CIPP/G, breaks down the issues.
Avoiding the Dumpster Spotlight (May 1, 2008)
In addition to laws that require security in the collection, handling, and processing of personal information, there are those that focus on the disposal and destruction of personal data. Running afoul of these laws can bring injunctions, ongoing auditing requirements, fines, and even criminal sanctions. In this article, attorney Luis Salazar and privacy experts Elise Berkower and Greg Dean offer businesses a specific strategy for compliance.