Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
Privacy Breach Index (September 1, 2008)
The Ponemon Institute and Hilb Rogal & Hobbs Company (HRH) have developed a Privacy Breach Indexâ„¢ (PBI), a benchmarking tool that helps measure organizations' responses to data loss or theft. The index is expected to help companies safeguard against a breach, assess areas of vulnerability and benchmark data breaches responses.
Argentine Authority Hosts Seminar (September 1, 2008)
The Argentine data protection authority will host the national and international data protection seminar, V Seminario Nacional e Internacional, October 7-8 at the Colegio de Escribanos de la Ciudad de Buenos Aires.
Health Information Trust Alliance (September 1, 2008)
A group of nine healthcare companies interested in enhancing the privacy and security of electronic patient information above and beyond what the Health Insurance Portability and Accountability Act (HIPAA) requires have created a consortium dedicated to delivering best practices on electronic medical records. Charter members of the Health Information Trust Alliance (HITRUST), including GE Healthcare, Highmark Inc., Pitney Bowes Inc., Cisco Systems Inc. and others, will deliver a Common Security Framework—a toolkit for protecting information and managing risks—early next year.
Michael Kirby (September 1, 2008)
The Honorable Justice Michael Kirby received Australia's inaugural Privacy Medal at a gala dinner during Privacy Awareness Week last month. Among many other contributions in the area of privacy, Kirby was recognized for his development of the 1980 OECD on the protection of privacy and the trans-border flows of personal data.
Safe Harbor Certification Mark (September 1, 2008)
The U.S. Department of Commerce has developed a certification mark to identify companies that are certified under the U.S.-European Union (EU) Safe Harbor Framework. Companies appearing on the Department of Commerce's official Safe Harbor list can display the certification mark on their Web sites for one year and annually thereafter if they renew their Safe Harbor certification.
Global Privacy Dispatches- Czech Republic- Biometric Data (September 1, 2008)
On the basis of Council Regulation (EC) No. 2252/2004, the Czech Parliament approved and implemented the amendment to Act no. 329/1999 to allow for the use of biometric data (digital photographs and fingerprints) in travel documents.
FTC and RFID (September 1, 2008)
In a continuing exploration of the impact of radio frequency identification (RFID) technology, the Federal Trade Commission (FTC), in conjunction with the Transatlantic Symposium on the Societal Benefits of RFID, will host another workshop on RFID privacy concerns and contactless payments this month in Washington, D.C.
Spotlight On: Consumer Financial Services (September 1, 2008)
The Fair and Accurate Credit Transactions (FACT) Act requires financial institutions to create programs to identify “red flags”—key indicators of possible identity theft. Jennifer Rossi outlines the Act’s Red Flag Rules here—who is covered, what is required, and potential implementation pitfalls.
Workplace Monitoring Present and Future (September 1, 2008)
Traditionally, courts and legislatures have been unwilling to find a general right to privacy in the workplace. Accordingly, employers have enjoyed a fair amount of latitude in monitoring their employees. However, with continued advancements in the area of biometrics, workplace monitoring may be moving beyond what courts, legislatures, and employees have seen to date. The challenge for privacy officers will be balancing new employee-monitoring capabilities with employees’ privacy rights, and doing so in a way that doesn’t degrade worker productivity.
Global Privacy Dispatches- Canada- Blood Tribe (September 1, 2008)
While investigating an access request complaint (access denied), the assistant commissioner ordered the Blood Tribe Department of Health (Blood Tribe) to produce certain documents, for which it claimed solicitor-client privilege in order to determine whether there had been a breach of its access request obligations under the Personal Information Protection and Electronic Documents Act (PIPEDA).
IAPP Privacy Academy 2008: A Disney Classic in the Making (September 1, 2008)
…And we're not talking about mouse ears. Get ready to hear from the three major U.S. presidential campaigns at this month's IAPP Privacy Academy at Disney World. Representatives from the McCain and Obama campaigns, and Libertarian candidate Bob Barr will take the stage to discuss privacy.
Ontario Privacy Commissioner Recommends Generally Accepted Privacy Principles to Toronto Transit Com (September 1, 2008)
Ontario Information and Privacy Commissioner Ann Cavoukian hopes that publicity surrounding a Toronto Transit Commission (TTC) audit will lead to increased use of the Generally Accepted Privacy Principles (GAPP) framework. Cavoukian’s office undertook the review after UK-based human rights group, Privacy International, filed a complaint about the deployment of security cameras throughout TTC’s system. In this article, Nancy Cohen and Nicholas Cheung discuss the commissioner’s findings and describe the GAPP framework.
Accenture Case May Prove Value of Security Contract Clauses (September 1, 2008)
The case of Connecticut v. Accenture LLP demonstrates the need for companies to negotiate data privacy provisions when contracting for services that involve personal information. Such provisions would strengthen their legal position in the event a vendor loses or mishandles sensitive data. Attorneys Justine Young Gottshall and Patrick Mueller provide specific examples of terms companies should include in vendor contracts.
Notes from the Executive Director (September 1, 2008)
For many, September means back to the books, and that's certainly true for the privacy pros who will take the IAPP Certified Information Privacy Professional (CIPP) exam this month. The CIPP is fast becoming de rigueur in the marketplace and we look forward to rolling out our newest certification, the CIPP/IT, in just a couple of weeks.