Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Notes from the Executive Director (August 1, 2008)
For many of us, August is a sunset month. North of the equator summer takes its last gasp and we rush to fit in vacations, some rest and perhaps a little back-to-school shopping before autumn blows in. As children head back to the classroom, we turn our focus toward some of the special privacy issues facing educational institutions.
Schools Data Breaches (August 1, 2008)
Experts at a higher-education computer security conference this spring said that one in four data security breaches involves educational institutions. In a talk about the growing prevalence of cyber fraud and identity theft, Brian Foster of Symantec Corp.
New CIPP Program Architecture to Debut Next Month (August 1, 2008)
Thinking about joining thousands of privacy professionals by obtaining a Certified Information Privacy Professional (CIPP) credential? Next month, the IAPP rolls out an expanded architecture for all existing privacy certifications that also includes the new IT privacy certification, CIPP/IT.
Campus Roundup (August 1, 2008)
From data masking to the societal impact of radio frequency identification, students and faculty at colleges and universities worldwide are creating knowledge in many privacy-related areas.
Global Privacy Dispatches- Canada- Children's Privacy (August 1, 2008)
On June 4, 2008 the federal, provincial and territorial privacy commissioners of Canada issued a joint resolution expressing their commitment to improve online privacy for children and young people.
Family Educational Rights and Privacy Act Updates (August 1, 2008)
Steve MacDonald, general counsel for the Rhode Island School of Design, outlines the most significant of the Department of Education’s proposed amendments to the Family Educational Rights and Privacy Act (FERPA), identifying key questions and considerations educational institutions should address prior to implementing the new rules.
Protecting Privacy and Security in a Large and Complex Organization: An Introduction to the SPIA Pro (August 1, 2008)
The University of Pennsylvania developed the Security and Privacy Impact Assessment (SPIA) program to deal with the unique privacy challenges inherent in large and complex organizations that have many diverse and distributed units. In this article, SPIA co-creators Lauren Steinfeld and Maura Johnston outline the program and discuss why it has been such a success.
Some Reflections on Working Document 1/2008 of Article 29 Data Protection Working Party (August 1, 2008)
The Article 29 Data Protection Working Party Document 1/2008 launched a public discussion about children’s privacy in the European Union. Diego Ramos outlines the Document, which stresses the importance of applying stricter security measures for handling children’s personal information, and examines key questions about children’s privacy and privacy rights
Russian Data Protection (August 1, 2008)
Officials at the Russian Federal Service for Oversight of Mass Media, Communications and Protection of Cultural Heritage have launched a Web site dedicated to data protection. The site aims to aid compliance with Russia's two-year-old data protection law, The Federal Law of the Russian Federation on Personal Data.
Presidential Campaign (August 1, 2008)
With just three months to go before the 2008 general election, the IAPP is pleased to bring some political passion to the Privacy Academy in Orlando next month. Libertarian presidential candidate Bob Barr and McCain advisor Orson Swindle will present their campaigns' privacy platforms at the event.
DHS Committee (August 1, 2008)
Daniel Caprio Jr., Global Public Affairs Advisory Council member for Waggener Edstrom Worldwide, recently began a multiyear term on the Department of Homeland Security Data Privacy and Integrity Advisory Committee. The committee works to solve prevalent issues at the intersection of business, government and society.
Identity Monitoring Services (August 1, 2008)
The Privacy Rights Clearinghouse (PRC) says that many credit monitoring services are overpriced and not worth the money they cost. The San Diego-based advocacy group has released an online guide with tips on selecting identity-theft monitoring services.
Global Privacy Dispatches- South America- IDPN (August 1, 2008)
For the first time, the U.S. Department of Homeland Security (DHS) was asked to observe the Iberoamerican Data Protection Network (IDPN) meeting, which was held in Cartagena, Colombia, May 27-29. The IDPN was created in 2003 by the Spanish Data Protection Authority as a forum to advance privacy concepts across Spanish-speaking countries in Latin America, and to provide policy guidance and resources based on Spanish law.
Global Privacy Dispatches- Netherlands- Do Not Call Register (August 1, 2008)
The Dutch Senate is considering a legislative proposal for a national Do-Not-Call register. If adopted, the proposal will require businesses and organizations to check the Do-Not-Call register before making unsolicited calls to Dutch telephone subscribers for commercial, idealistic or charitable purposes. If a subscriber is in the register, he may not be called.
Global Privacy Dispatches- Israel- Biometric Database (August 1, 2008)
A draft bill on biometric identification recently has been introduced by the Israeli Home Office. The Israeli government is looking to regulate the legal status of biometric national IDs, travel documents and passports, but its proposal goes one step further than legislation adopted in the more than 40 countries that have already introduced biometric passports, in a way that poses a significant threat to privacy.
Global Privacy Dispatches- France- HR Data Processing (August 1, 2008)
After investigating no fewer than 50 companies on their employment data processing activities over the past year, the French data protection authority (CNIL) has concluded that employee notices are not robust enough, security measures are often weak and data retention procedures are usually non-existent.