Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
FTC at 100 (October 1, 2008)
Approaching the century mark, the Federal Trade Commission (FTC) has launched a self-assessment to measure how well it has carried out the destiny foreseen by Congress when the agency was established in 1914.
Shred It Up (October 1, 2008)
Saturdays are for soccer games, dump runs, and barbeques, and on a recent Saturday in September, shredding sensitive documents. More than 100 secure shredding companies nationwide offered free services to the public on September 20. The events aimed to raise awareness about the importance of protecting discarded personal information.
Privacy in the Workplace (October 1, 2008)
Australia's privacy commissioner released a book aimed at helping employees and employers navigate workplace privacy issues. Privacy at Work: A Guide to the Privacy Act for Employers and Employees offers guidance on applying the Privacy Act in the workplace, answering questions about CCTV cameras, email monitoring, workplace drug testing, finger scanning and other issues.
Global Privacy Dispatches- UK- Enforcement Actions (October 1, 2008)
The information commissioner cancelled an enforcement notice served to UK retailer Marks & Spencer following an appeal by the company at the Information Tribunal. The commissioner had served the notice on M&S alleging that the company had breached the Data Protection Act when a supplier's unencrypted laptop was stolen, citing the requirement that all laptops be encrypted by 1 April.
Global Privacy Dispatches- Israel- Twinning Program (October 1, 2008)
The Israeli privacy and data protection authority (ILITA) has launched a collaborative program with the Spanish data protection authority. The twinning program aims to strengthen the effective protection of personal data in Israel by developing ILITA's operational and effective enforcement capabilities, with the goal of bringing them in line with international standards and those set out in the EU data protection directive.
Privacy in Print (October 1, 2008)
Frequent Privacy Advisor contributor Pablo Palazzi recently pointed his pen in a different direction, producing Credit Reporting, a book that presents the legal framework governing the use of personal data contained in credit reports.
Maureen Cooney CPO TRUSTe (October 1, 2008)
Maureen Cooney, CIPP/G, has been named chief privacy officer and vice president for public policy at TRUSTe. Cooney brings decades of experience in the privacy field, previously serving as acting chief privacy officer at the U.S. Department of Homeland Security, and as an information privacy and security legal advisor for international consumer protection at the U.S. Federal Trade Commission.
Global Privacy Dispatches- Canada- CBA (October 1, 2008)
On August 17, the privacy commissioner of Canada, Jennifer Stoddart, spoke at the Canadian Bar Association (CBA) Legal Conference and Expo. In her speech, Ms. Stoddart noted how technological advances have resulted in personal information moving rapidly around the globe, and how this trend has direct implications for lawyers and the legal profession, including the following impacts.
Privacy Professional (October 1, 2008)
Congressman Joe Barton, co-founder of the Congressional Privacy Caucus, says that data privacy will continue to rise as a matter of concern and that a broad-based approach to protecting privacy is both desirable and inevitable. Congressman Barton discusses his work in this area and what motivates his efforts, saying: “Our personal information belongs to us, not the people with whom we do business.”
Privacy Innovacation Awards (October 1, 2008)
Three organizations were recognized with Privacy Innovation Awards at the IAPP Privacy Academy in Orlando last month. Sponsored by HP and the International Association of Privacy Professionals, the awards recognized significant innovations in privacy-enhancing initiatives.
Global Privacy Dispatches- Belgium- Russias Data Protection Act (October 1, 2008)
The enforcement of Russia's Data Protection Act (DP Act) is a fact. Further to the Russian Regulation No. 419 on Federal Service for Oversight of Communications and Mass Media of June 2, 2008, enforcement is carried out by the Federal Service for Oversight of Communications and Mass Media (Rossvyazcomnadzor) (DPA).
KnowledgeNet (October 1, 2008)
Tropical storm Faye delayed, but didn't dampen the first-ever Miami KnowledgeNet event on August 27. Ten IAPP members attended, including Emmet Lange, Betsy Paneque, Robert Kantor, Carlos Echeverri, Miriam Lang, Ricardo Johnson, Jorge Rey and Luis Salazar. Sunera LLC Director Eric Dietrich presented "Managing Vendors to Ensure Data Security and Privacy."
Making Magic (October 1, 2008)
At Disney, it seems, anything is possible. Elephants fly. Fish talk. Lions cohabitate with gazelles, and crocs with hippos, all without incident. It's a magical vibe in this place where parades happen spontaneously and fireworks light the sky each night.
Customs and cross-border data transfer (October 1, 2008)
A United States Appellate Court decision and recently publicized policy statements from U.S. border agencies confirm that the “Border Search Doctrine”—which allows for suspicion-less and warrantless searches of closed containers and their contents at U.S. border crossings—also applies to electronic devices such as laptops and memory sticks. This article explores the privacy implications and steps businesses must take to safeguard data.
Reforming Australian Privacy Laws (October 1, 2008)
Richard Smith details the Australian Law Reform Commission (ALRC) recommendations for updating Australia’s privacy laws. The ALRC proposes adding mandatory breach notification requirements, placing new controls on trans-border data flows, creating statutory claims for invasion of privacy, and increasing penalties for non-compliance, among other actions.