Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
THE YEAR AHEAD: PRIVACY PREDICTION 2010 (January 1, 2010)
At the end of each year, the Privacy Advisor polls professionals worldwide to find out what they see in the year ahead for privacy and data protection. In this first issue of 2010, we present their forecasts. We begin with that of Canadian Privacy Commissioner Jennifer Stoddart.
Managing global data privacy (January 1, 2010)
Successive revolutions in information technology raise new challenges, risks, and opportunities for consumer privacy protection. Perhaps the most basic question is how these new technologies are changing the actual practices of companies in processing personal information. After all, emerging technologies can make legal regulations obsolete or out-of-date. The consequences can be ineffective regulation and a waste of corporate resources without meaningful protections for consumer privacy.
Privacy and pandemic planning: a few prudent considerations for organizations (January 1, 2010)
As the international community readies itself for a second wave of the H1N1 flu pandemic, wise organizations are brushing off their business continuity plans (BCPs) and reviewing their applicability to a different kind of threat. Unlike traditional business continuity or disaster recovery planning, pandemic planning requires management for a prolonged but unidentified period of time rather than for the single risk event that traditional business continuity planning tends to focus on.
The Lisbon Treaty and data protection: What’s next for Europe’s privacy rules? (January 1, 2010)
The Lisbon Treaty entered into force on December 1, 2009. This agreement substantially overhauls the EU’s legal bases, the Treaty on European Union (TEU), and the Treaty Establishing the European Community (EC Treaty), the latter of which is renamed the Treaty on the Functioning of the European Union (TFEU).
New international privacy principles for law enforcement and security (January 1, 2010)
Cross-border data flows have long been a subject of global dialogue. In the late 1970s, the Organization for Economic Cooperation and Development (OECD) and the Council of Europe began to explore cross-border transactions, with OECD issuing the Guidelines on the Protection of Privacy and Transborder Flows of Personal Data in 1980, and the Council of Europe issuing the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data in 1981.
U.S. FTC holds first of three privacy roundtable events and signals policy shift (January 1, 2010)
The Federal Trade Commission (FTC) held the first in a three-part series of one-day roundtable meetings focused on privacy on December 7, 2009, in Washington, DC. These events are designed to bring together a variety of participants from industry, consumer advocacy organizations, trade associations, think tanks, academia and elsewhere, each with a strong interest in helping to shape the commission’s approach to privacy regulation and enforcement.
A look at Bill 54 (January 1, 2010)
During the past years, a number of Canadian privacy laws have been undergoing statutory review. A review of the federal Personal Information Protection and Electronic Documents Act (PIPEDA) commenced in the fall of 2006, a review of the Alberta Personal Information Protection Act (AB PIPA) commenced in 2007 and a review of the British Columbia Personal Information Protection Act (BC PIPA) began in 2008.
CNIL sanction procedure overruled by the Court of Appeal (January 1, 2010)
In late 2006, the French data protection authority issued a 30,000 euro sanction against Inter Confort for improper handling of objection requests to direct marketing via telephone. The sanction followed the CNIL’s onsite investigation of Inter Confort. Inter Confort challenged this sanction decision before the Court of Appeal (Conseil d’Etat) on procedural grounds.
Decision of the Federal Court of Justice: opt-out consent to postal advertising (January 1, 2010)
On November 11, 2009, the German Federal Court of Justice handed down a judgment on the privacy aspects of the “HappyDigits” bonus programme. The court held that an opt-out consent by participants relating to postal advertising that was included in the registration form for the programme is compliant with applicable German data protection law provisions.
DPA of Berlin: strict approach to denied person screenings (January 1, 2010)
As already reported in the October issue of the Privacy Advisor, the Düsseldorfer Kreis adopted a resolution on privacy aspects of employee screenings in April 2009, taking a moderate approach to the overall permissibility of such screenings. The DPA of Berlin apparently applies a much stricter approach;
European legislative update (January 1, 2010)
Linklaters has released its 2009/2010 edition of Linklaters’ Data Protected, a summary of European data protection legislation. The updated report includes reviews of data protection legislation in all Member States, European Economic Area States (Iceland, Liechtenstein, and Norway), and Switzerland and Russia.
New IAPP Europe Board members (January 1, 2010)
The IAPP has announced new members for its European Advisory Board. Privacy experts from a variety of government and industry sectors will help inform the expansion of IAPP Europe, which was launched in November to provide tailored education, networking, and certification opportunities for European data protection professionals
10 New Year’s privacy resolutions (January 1, 2010)
A group of South Florida IAPP members braved the winter elements—blue skies, sunshine, warm temperatures—to attend a KnowledgeNet meeting in Miami in December. Jorge Rey led the interactive session on the apropos topic: Privacy Resolutions.
Although attendees represented a wide range of industries—pharma, banking, education, professional services, and more—all shared remarkably similar concerns and goals. Here are their top resolutions (in reverse order).
AICPA and CICA update Generally Accepted Privacy Principles (January 1, 2010)
Establishing an annual privacy risk assessment process to identify new or changed risks to personal information is a key enhancement to Generally Accepted Privacy Principles (GAPP). GAPP is an internationally recognized privacy framework developed by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).
Why are more companies joining the U.S. - EU Safe Harbor privacy framework? (January 1, 2010)
The U.S. Department of Commerce (U.S. DOC) recently held its 2009 International Conference on Cross Border Data Flows & Privacy in Washington, DC. The U.S. DOC announced at the conference that an increasing number of companies are choosing to self-certify compliance with the U.S.-EU Safe Harbor Privacy Framework (Safe Harbor). Every month, approximately 50 companies file initial self-certifications to the Safe Harbor, and approximately 150 companies submit annual re-certifications.