Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
Data Protection and Privacy Workshop (November 1, 2008)
More than 60 professionals attended the Data Protection and Privacy Workshop hosted by the IAPP and the Gesellschaft fÃ¼r Datenschutz und Datensicherung (German Association for Data Protection) last month in Strasbourg.
Varney named to Obama Team (November 1, 2008)
A leading privacy attorney and founder of the Online Privacy Alliance has been named to Barack Obama's transition team. Christine Varney will serve as personnel counsel during the three-month transition. Varney has headed the Internet practice group at international law firm Hogan & Hartson for the last decade.
Privacy Progression (November 1, 2008)
Carol DiBattiste has been named senior vice president of privacy, security compliance and government affairs for LexisNexis. DiBattiste joins LexisNexis from ChoicePoint, where she served as general counsel and chief privacy officer. At LexisNexis, DiBattiste will represent the company on privacy matters, set the company's privacy policies, direct privacy compliance, and oversee internal and external privacy education and training for the company.
Partner in Privacy (November 1, 2008)
Daniel Cooper has been elected to Covington & Burling's partnership. Based in London, Cooper handles the firm's growing privacy and data security practice there. He counsels clients in myriad industries on European and UK data protection, data retention and freedom of information laws, as well as associated information technology and e-commerce laws and regulations.
Global Privacy Dispatches- France- Observatory Body Annual Report (November 1, 2008)
The French observatory body, "Observatoire de la securite des cartes de paiement," issued its fifth annual report. The report is available at www.observatoire-cartes.fr. It observes a small decrease in the overall number of frauds in 2007 (-0,062% in comparison with 2006), with the total amount of fraud amounting to 268,5 millions of Euros. However, an increase in frauds on remote payments was also noticed (50,1 millions of Euros), and fraud rates were higher on payments via the internet than on payments by postmail or phone.
Global Privacy Dispatches- France- CNIL Award (November 1, 2008)
The CNIL announced the creation of an award which will be granted on an annual basis to a thesis related to the protection of personal data in the fields of law, history, human or political sciences, sociology, or economics, as well as technical fields. Applicants must have received a magna cum laude award for their thesis from a French University and they must submit their application to the CNIL before January 20.
Global Privacy Dispatches- France- Litigation Data (November 1, 2008)
In a litigation opposing the insurance commissioner of the State of California and the French insurance company MAAF, a French attorney sought to obtain for his U.S. client information from a former member of the MAAF's board of directors on the conditions under which board decisions were made about the purchase of Executive Life.
Global Privacy Dispatches- France- BCRs (November 1, 2008)
The G29 and the CNIL continue intensive work on Binding Corporate Rules (BCR). New clarifying documents should be issued soon, such as additional FAQs and examples of BCR provisions. On the French side of things, the CNIL continues to organize meetings with businesses of various industry sectors in order to sensitize them on the interest of BCR.
Global Privacy Dispatches- France- Employee Privacy (November 1, 2008)
An employee who was terminated for abusing his employer's IT resources claimed that the employer's access of his internet navigation history violated his right to privacy and labor and employment code. However, the Supreme Court determined that an employer can access navigation logs for internet connections made during working hours using the employer's IT resources, as such connections are presumed to be of a professional nature.
Global Privacy Dispatches- France- Privacy (November 1, 2008)
The Forum des Droits sur l'Internet, in coordination with the CNIL, has launched an online consultation about privacy on the internet. Internet users can exchange views in an open forum until January 15 on four main topics.
Global Privacy Dispatches- France- Edvige (November 1, 2008)
Edvige has been making headlines in France and Brussels. Edvige is not, as you might expect, the new tall, blond, Nordic girlfriend of a French VIP. It is the name of a new system that the French Ministry of Interior seeks to implement.
Identity Compliance (November 1, 2008)
Sun Microsystems has released Identity Compliance Manager software to help companies comply with regulations and mitigate risk.
Global Privacy Dispatches- European Union- BCR Approvals (November 1, 2008)
On October 1, the Article 29 Working Party—a group of EU data protection authorities— announced that France, Germany, Ireland, Italy, Latvia, Luxembourg, the Netherlands, Spain and the UK have agreed to mutually recognize one another's approvals of Binding Corporate Rules (BCRs).
Global Privacy Dispatches- Argentina and Latin America- Data Protection Law (November 1, 2008)
Uruguay has a new data protection law. The Senate approved the law on July 16 and it was finally sanctioned by the Executive Power the first week of August, 2008. The law is based on European data protection law models. It contains a full set of data protection principles, including those on consent, notices, ban on certain transfers, and a provision forbidding the transfer of personal data to destinations lacking adequate protection.
Global Privacy Dispatches- Argentina and Latin America- Computer Crimes Law (November 1, 2008)
The Argentine Congress enacted a computer crimes law. The new law (law n. 26.388) criminalizes the illegal access to a computer system, computer fraud, and damages to information and software. In addition, the law creates a new offence related to privacy and data protection law: it is now illegal to open or access and publish an email or a document without authorization of the sender.
Global Privacy Dispatches- Argentina and Latin America- DPA (November 1, 2008)
The Data Protection Agency (DPA) issued Disposition 5/2008 detailing the procedure to perform audits in data controller. The aim of Disposition 5/2008 is to regulate how audits take place and to describe audit stages. Under this new regulation, the data protection agency will send a note with a questionnaire to the company several days before the inspection.
Surveilled (November 1, 2008)
On a late October evening, privacy professionals stepped out for some after-hours camaraderie with colleagues at locations across the world. From Auckland to Cleveland, those working in the privacy field gathered to meet, talk shop, and share a few laughs.
New PCI Data Security Standards expand obligations (November 1, 2008)
Attorney Susan Lyon outlines the actions companies must take to comply with the latest version of the Payment Card Industry Data Security Standards (PCI DSS Version 1.2). The new rules affect wireless networks and non-Windows-based platforms in particular. Lyon notes that, while some of the changes will ease or clarify the rules set out in Version 1.1, others may impact businesses due to significantly expanded security obligations.
Commissioner's Positions (November 1, 2008)
The IAPP is pleased to bring you this Q&A interview with Federal Trade Commission Chairman William E. Kovacic. Chairman Kovacic will deliver the keynote address at the upcoming IAPP Privacy Dinner in Washington, DC.
A global triangle of trust (November 1, 2008)
David Hoffman, CIPP, says that greater transparency in data handling practices, while necessary, has done little to promote trust in the marketplace. He discusses the role of accountability and assurance in trust building, and proposes that government, industry, and NGO work together to create a global “triangle of trust” to this end.
Notes from the Executive Director (November 1, 2008)
Regardless of your political affiliation, the recent election results must be regarded as a momentous occasion for the U.S. and, indeed, the world. At a recent conference for the GDD, our sister organization in Germany, I was struck by how many Europeans are fascinated by the President Elect. Their interest was based on all the "firsts" that Barack Obama represents.