Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
PhD in Privacy (October 1, 2009)
Carnegie Mellon University in Pittsburgh will establish a PhD program in usable privacy and security.
Commission takes major step towards re-opening Data Protection Directive seeks public input (October 1, 2009)
The European Commission has initiated a public consultation on “the legal framework for the fundamental right to protection of personal data.” The CommissionA has indicated that the consultation is intended to gather information on the challenges that should be addressed to maintain an effective and comprehensive legal framework for data protection.
Data breach 2009: lessons learned (October 1, 2009)
At the IAPP Practical Privacy Series in Silicon Valley, Joanne McNabb, CIPP/G, of the California Office of Privacy Protection and Julie Fergerson of Debix ran participants through live, interactive data breach scenarios. Here are their thoughts on the exercise and their reactions to participants’ responses
Belgian consumers to pay for privacy-unfriendly data retention measures? (October 1, 2009)
The Belgian Ministry of Justice has proposed a bill imposing a two-year data retention period for telecom operators and Internet service providers that offer communication services in Belgium. The retention period would serve the investigation, detection, and prosecution of serious crimes, such as organized crime or terrorist activities. Service providers would be required to retain traffic data, such as the sender and receiver’s telephone number or e-mail address, IP numbers, and the date, time, and duration of a communication.
Don't bet against the privacy profession (October 1, 2009)
If you had asked David Hoffman last year to bet on the prospects of the privacy profession, he would have declined the offer. The economy was faltering, many data-centric industries, such as financial services, were shedding jobs, and there was plenty of talk about how the narrow focus of the privacy function had made the position expendable at too many companies.
Is an employee's off-duty conduct off-limits to an employer? (October 1, 2009)
The monitoring of employees is standard procedure in many workplaces. Although the restrictions on employee monitoring in the workplace may vary from country to country, most privacy and employment legislation recognises the advantages to employers of monitoring employees in the workplace, and accepts that such monitoring may be essential to the effective and efficient running of some businesses.
Israeli attitudes on privacy (October 1, 2009)
Recently, I had the opportunity to teach a short course on data security and privacy at an Israeli law school. The experience was enlightening.
DHS PIAs provide a model for global practice (October 1, 2009)
Australia, Canada, New Zealand, the United Kingdom, and the United States recently concluded an information-sharing agreement under the auspices of the Five Country Conference (FCC) to support visa, immigration, and/or admissibility determinations between countries.
Global Privacy Dispatches- UK Communications Data (October 1, 2009)
The Information Commissioner’s Office (ICO) issued an official statement recognizing the value of communications data in the prevention and detection of crime and prosecution of offenders. However, the ICO said that this, in itself, is not a sufficient justification for mandating the collection of all possible communications data on all subscribers by all communication service providers (CSPs).
UPS takes remedial action following data loss (October 1, 2009)
UPS, the parcel service and global transportation and logistics business, has taken remedial action, including the encryption of all its UK laptops and smartphone devices, following a breach of the Data Protection Act. UPS also signed an Undertaking to assure the Information Commissioner’s Office that personal information will be kept securely in future.
SMS retention brings class action (October 1, 2009)
A class action suit has been filed in the District Court of the central district against cellular provider Pelephone Communications Ltd. The claim alleges that Pelephone monitors short messages sent or received by subscribers and saves the content for further use, without customers’ knowledge or mindful consent.
Google Street View: undertakings towards German DPAs (October 1, 2009)
The DPO of Hamburg was also called into action in June, when Google sent cars onto the city’s streets to capture images for its Street View service. A dispute arose between Google and the Hamburg DPO about the data protection implications of Street View. The dispute has been settled, and Google has agreed to erase data (even in raw data files) depicting people, property, or cars, upon request.
Employee screenings (October 1, 2009)
On April 24, 2009, the so-called Düsseldorfer Kreis (the assembly of all supreme German DPAs) adopted a resolution on privacy aspects of employee screenings by internationally operating companies.
“Peer-to-peer law” found partly unconstitutional (October 1, 2009)
The French Senate voted on the HADOPI law for protecting copyrighted works against infringement via electronic communications networks on May 13. (See “HADOPI,” on page 12 of the July, 2009 issue of the Privacy Advisor.) But this new law has given rise to controversy and will be challenged before the Constitutional Court, the Conseil Constitutionel.
Attorneys at law can become data protection correspondents (October 1, 2009)
The Conseil National des Barreaux (French National Bar Council) recently modified its national rules (RIN) to enable registered attorneys at law to become data protection correspondents (CIL), the French version of DPOs.
Registry closes, Index opens (October 1, 2009)
There’s old saying about how, when one door closes, another opens. This adage applies nicely to recent developments concerning marketers in New Zealand. When the new Land Transport Amendment Bill takes effect later this year, they will no longer have access to the bulk mailing addresses of vehicle owners.
2009 Vanguard Award (October 1, 2009)
During an intimate dinner celebration at the IAPP Privacy Academy in Boston last month, Michelle Dennedy received the 2009 Goodwin Procter-IAPP Privacy Vanguard Award.
ID Experts (October 1, 2009)
Breach prevention company ID Experts has been named to the Inc. 500 list of America’s fastest-growing companies. The company came in at number 32, and second among security companies.
Kenneth Mortensen (October 1, 2009)
Kenneth Mortensen, CIPP, CIPP/G, has joined Boston Scientific Corporation as its chief privacy officer. He will be responsible for implementing BSC’s global privacy framework, enhancing and incorporating privacy training into employee education, and minimizing privacy impacts.
Implied Consent (October 1, 2009)
Ontario’s Information and Privacy Commissioner has released a publication to help patients understand implied consent as it pertains to the collection, use, or disclosure of personal health information. Commissioner Ann Cavoukian collaborated with seven Canadian healthcare organizations to create “Circle of Care: Sharing Personal Health Information for Health-Care Purposes.”
Chris Zoladz (October 1, 2009)
Chris Zoladz, CIPP, a founding member and past president of the IAPP, has established the privacy consulting firm, Navigate LLC. Based in Washington, DC, Navigate guides public- and private-sector organizations on privacy risk management.
Data Protection (October 1, 2009)
The British Information Commissioner’s Office has embarked on research to determine the value of data protection. The findings are expected to give public and private-sector organizations a sound business case for proactively investing in privacy.