Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
IBM Screen Masking (September 1, 2009)
Researchers at IBM’s Haifa, Israel Lab have developed a screen-masking software to help organizations protect the privacy of sensitive information by blocking it from view on computer screens.
Broaden your privacy portfolio (September 1, 2009)
Six thousand members. Hundreds of volunteers. The privacy profession and the IAPP continue to experience rapid growth. But we need your help! Be one of the hundreds of IAPP members worldwide who are actively engaged in building the privacy profession as advisory board members with the IAPP.
Administration proposes new federal Consumer Financial Protection Agency (September 1, 2009)
The Obama Administration's proposed sweeping changes to financial services regulation include the creation of a new consumer-protection bureau—The Consumer Financial Protection Agency.
On notice, consent, and radical transparency (September 1, 2009)
U.S. fair information practices are founded on the concept of notice and choice, but the effectiveness this framework has come into question in professional circles, with some suggesting that in the brave new digital world where data collection opportunities are many and data use opportunities are rich, “notice” is failing when it comes to privacy.
Commissioner’s report on Facebook (September 1, 2009)
The Assistant Privacy Commissioner of Canada, Elizabeth Denham, issued a Report of Findings on an investigation into Facebook’s privacy practices on July 16. The commission launched the investigation on receiving a complaint from the Canadian Internet Policy and Public Interest Clinic (CIPPIC).
"New HIPAA" poses important challenges for business associates (September 1, 2009)
The new Health Insurance Portability and Account-ability Act (HIPAA) privacy and security requirements, imposed by the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), will have a significant impact on the privacy and security of healthcare information, and on the compliance obligations for affected healthcare companies.
Privacy and electronic health records in Canada (September 1, 2009)
The federal and provincial governments of Canada have invested billions to develop health information technology, but privacy concerns loom. Public support for EHRs, says Michael Power, will be tied to how well patients’ private information is protected. Power describes Canada’s EHR landscape here.
Europe leads effort toward international privacy standard (September 1, 2009)
The Spanish Data Protection Authority on June 11 held a second meeting to discuss a proposed draft international privacy standard. The data protection authorities involved seek to complete the document for adoption at the meeting of the International Conference of Data Protection and Privacy Commissioners (ICDPPC) in Madrid this November.
Helping organisations become more transparent (September 1, 2009)
The Information Commissioner’s Office (ICO) has launched a new Privacy Notices Code of Practice that will help organisations provide more user-friendly privacy and marketing notices. The ICO wants to see an end to the confusing privacy notices that are written to protect organisations rather than to inform the public.
On site investigations: the 2009 programme (September 1, 2009)
The CNIL has issued its onsite investigation programme for 2009. Areas of focus in the private sector will include recruitment activities (including recruitment agencies, Internet sites, and large groups);
DPA enforces information security in hospitals (September 1, 2009)
On June 2, 2009 the Dutch Data Protection Authority (DPA) took enforcement action against four Dutch hospitals because they failed to improve their information security practices.
Data Protection Act amendments (September 1, 2009)
The amendments to the Federal Data Protection Act (FDPA; in German: Bundesdaten-schutzgesetz - BDSG) passed parliament (the Bundestag) on July 3, and on July 10, the second chamber (the Bundesrat - Federal Council) decided not to raise objections. The act now only needs signature by the President and promulgation. It will, with limited exceptions, enter into force on September 1, 2009.
OPC Essay Competition (September 1, 2009)
The Office of the Privacy Commissioner of Canada (OPC) has awarded a Queen’s University student with $2,500 and the opportunity to be published. Mathew Johnson won the OPC’s first-ever essay competition.
Daniel Caprio (September 1, 2009)
Daniel Caprio has joined the Government Affairs practice at McKenna Long & Aldridge LLP as Managing Director. Caprio will counsel clients in the areas of data and information privacy, RFID, and cybersecurity.
Privacy After Hours (September 1, 2009)
Mark your calendars for the next Privacy After Hours event Thursday, October 8. Held at locations worldwide, Privacy After Hours gatherings have become popular post-work networking events
Richard Allan (September 1, 2009)
Facebook has appointed Richard Allan to head up its lobbying efforts in the European Union. Allan is the former head of European regulatory affairs for Cisco.
CACR Grants (September 1, 2009)
The Center for Applied Cybersecurity Research (CACR) at Indiana University recently awarded $230,000 in grants to five interdisciplinary teams of IU researchers who will study cybersecurity issues.
Kimberley Gray (September 1, 2009)
Kimberly Gray has joined market intelligence firm IMS as its chief privacy officer, Americas. Gray will direct all privacy-related activities for IMS operating companies in the U.S., Canada, and Latin America.
Peter Swire (September 1, 2009)
The privacy field’s loss is the executive office’s gain. Peter Swire, CIPP, has joined the ranks of the National Economic Council, where he will work on issues related to housing, finance, and mortgages.