Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
HIPAA Rules (July 1, 2008)
The Healthcare Information and Management Systems Society (HIMSS) surveyed more than 500 health IT professionals in May to find out whether they feel HIPAA privacy and security rules are strong enough. The results? Fifty-four percent said they believe the rules are strong enough, while 34 percent of respondents said they believe they were not strong enough.
Kaiser Permanente Study (July 1, 2008)
More than half the respondents in a Kaiser Permanente study conducted in May feel that the nation's next president should make healthcare IT a big focus. Fifty-one percent of those surveyed said the next president should ensure that Americans have electronic access to their medical records.
Christopher Millard (July 1, 2008)
Christopher Millard has joined Queen Mary College, University of London, as the chair of privacy and information law at the School of Law. Millard has been teaching at the school since 1986, but this fall will begin his role as a full-time professor.
Global Privacy Dispatches- UK- Data Minimisation (July 1, 2008)
The Home Affairs Committee of the UK Parliament has requested the government "adopt a principle of data minimisation" in the information it collects and holds on citizens. This means that the government should collect only what is essential, store it only for as long as is necessary and "resist a tendency to collect more personal information and establish larger databases."
Global Privacy Dispatches- Netherlands- License Plate Recognition System (July 1, 2008)
In an effort to combat organized crime, the police department of the municipality of Zwolle has recently started using an automatic license plate recognition system. The system reads and stores the license plate numbers of all vehicles driving on highways in and around Zwolle and matches the license plate numbers against a database of license plates of organized crime suspects.
Global Privacy Dispatches- Israel- Employee Privacy (July 1, 2008)
Northern Israel's Nazareth District Labor Tribunal recently granted a plaintiff-employee's motion to suppress a number of email messages that were submitted with the defendant-employer's affidavit. The employee claimed that the employer obtained the messages by accessing the employee's work electronic mailbox without the employee's consent, thus violating his right to privacy.
Global Privacy Dispatches- Israel- New Anti Spam Law (July 1, 2008)
On May 27 the Israeli parliament enacted an amendment to the Communication Law that addresses the issue of unsolicited messages through electronic communication. While following the European 'opt-in' approach, the new anti-spam law also adopts principles and guidelines from American and Australian anti-spam acts.
Global Privacy Dispatches- France- CNIL Annual Report (July 1, 2008)
In 2007, the number of complaints received by the CNIL increased by 25 percent to 4,455. The areas in which most complaints were filed include: credit-banking, direct marketing, employment and telecommunications.
Global Privacy Dispatches- Canada- Annual Report on PIPEDA (July 1, 2008)
On June 3 the Privacy Commissioner of Canada, Jennifer Stoddart, submitted to Parliament her Annual Report on the Personal Information Protection and Electronic Documents Act (PIPEDA). The report provided an overview of the activities of her office for the year 2007, and outlined some key priorities for the coming year.
Student Privacy Comes Into Question (July 1, 2008)
The Belgian Privacy Commission has finally issued its guidelines on the processing of biometric data (Opinion n° 17/2008 of April 9, 2008). The guidelines were published almost five years after the Article 29 Working Party adopted its Working Document on biometrics (WP 80 of August 1, 2003).
Building the Privacy Profession (July 1, 2008)
Do you know of an outstanding student who may be interested in the field of privacy? The IAPP will once again offer conference scholarships for attendance at September's Privacy Academy in Orlando, where recipients can immerse themselves in real-world networking and education alongside privacy professionals and be paired with a professional mentor from KPMG
New Computer Crimes Law (July 1, 2008)
The Argentine Congress enacted a computer crime law. The new law (law n. 26.388) criminalizes the illegal access to a computer system, computer fraud and damages to information and software. In addition, the law creates a new offence related to privacy and data protection law: It is illegal to open, access or publish an email or document without authorization of the sender. Finally, the law makes it a crime to access without authorization a database, to illegally provide personal data to third parties when the law establishes its secrecy and to insert personal data in a database.
Transforming Healthcare with Information Technology (July 1, 2008)
Lucy Thomson identifies the benefits and highlights potential privacy risks of various electronic health records (EHR) offerings introduced by Google, Microsoft, and Revolution Health.
HIPAA Hits Five (July 1, 2008)
Annie Lindstrom speaks with CPOs, healthcare officers, and government officials about the Health Insurance Portability and Accountability Act’s (HIPAA) privacy rules on the fifth anniversary of their enactment. New technologies and the entrance of “non-covered entities” into the healthcare marketplace have challenged the rule’s effectiveness. Experts discuss the changing landscape.
The New Healthcare Privacy Debate (July 1, 2008)
Kirk Nahra discusses what he believes are the top questions raised by the rapid development of electronic medical records, personal health records (PHR), and health information exchanges (HIE). Nahra says the health information marketplace is fast outgrowing existing privacy regulations, and that going forward, drafting legislation that allows for the benefits of these new technologies while still protecting legitimate privacy and security interests will be a challenge