Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Notes From the Executive Director (April 1, 2010)
In a recent Forbes article, Bruce Schneier dismissed claims that the age of privacy is over, asserting that people, even young people, still care about it. What’s different, he said, is that while the privacy attitudes of yesterday were aligned with the notion of secrecy, today privacy is about control. “A privacy failure is a control failure,” he said.
Asia-Pacific Privacy Law: assurance via certification and audit (April 1, 2010)
As discussed in previous articles, many Asia-Pacific countries have implemented privacy statutes. While each has its own unique provisions, they tend to utilize the same core principles as the APEC Privacy Framework (2005). Corporations that operate in the region must comply with the statutes for each country in which they do business and will also want to demonstrate their commitment to the protection of personal information.
Security, fines, and systems-based regulation—the UK’s new legal battleground (April 1, 2010)
The regulation of data protection in the UK enters a new era on 6 April when the Information Commissioner’s power to levy fines of up to £500,000 for breaches of the Data Protection Act (DPA) comes into effect. While the legislation introducing the fine refers to breaches of the data protection principles, we can expect that the fine will be targeted mostly at security breaches and data loss and the other terrors addressed by the seventh data protection principle.
Privacy 50 years from now (April 1, 2010)
How has privacy law evolved in the last 50 years? What will it look like in 2060? On January 29, the California Law Review gathered together some of the world’s top privacy law scholars and practitioners to explore these questions. The symposium, “Prosser’s Privacy at Fifty,” held at UC Berkeley School of Law, celebrated the fiftieth anniversary of Dean William Prosser’s landmark article, “Privacy,” 48 California Law Review 383 (1960), among the most influential law review articles in history.
Anything but irrational (April 1, 2010)
Dan Ariely is the author of Predictably Irrational: The Hidden Forces That Shape Our Decisions, James B. Duke Professor of Behavioral Economics at Duke University, and visiting professor at the MIT Media Lab. He will present a keynote at the IAPP Global Privacy Summit on April 20. In this Privacy Advisor Q&A, Dan discusses how his research applies to decisions we make about privacy.
Perfect remembering? Forget about it. (April 1, 2010)
The Privacy Advisor is pleased to bring you this Q&A with Viktor Mayer-Schönberger, author of Delete: The Virtue of Forgetting in the Digital Age, and associate professor of public policy and director of the Information and Innovation Policy Research Centre at the LKY School of Public Policy/National University of Singapore. He will present a keynote at the IAPP Global Privacy Summit on April 21.
More than “checking the box” in information protection training and awareness (April 1, 2010)
This article is the second in an ongoing series in which leading organizations share best practices on addressing the human factor in compliance and information protection programs and implementing a successful privacy and information security awareness and training initiative.
Cooperation and privacy regulation (April 1, 2010)
When it comes to meeting the challenges of the decade ahead, privacy regulators “cannot function in isolation.” That was one of the key messages Canada Privacy Commissioner Jennifer Stoddart shared in her address, “The Future of Privacy Regulation,” at the 11th Annual Privacy and Security Conference.
Salazar joins Infante, Zumpano, Hudson, and Miloch (April 1, 2010)
Luis Salazar, CIPP, has joined Florida law firm Infante, Zimpano, Hudson and Miloch, LLC as a partner.
Schools team with ICO to teach kids Internet safety (April 1, 2010)
Schools across the UK are teaming up with the Information Commissioner’s Office for a national educational program about online safety. The “i in online” initiative aims to highlight the risks to youths online and provides free interactive training sessions for staff, parents, and children at secondary schools and youth clubs on how to best manage their online privacy.
Consultations on emerging technologies (April 1, 2010)
Earlier this year, the privacy commissioner of Canada, Jennifer Stoddart, announced that her office would host consultations on a number of topics that could create serious privacy challenges for consumers.
EC updates standard contractual clauses (April 1, 2010)
The European Commission (EC) adopted Decision 2010/87/EU on 5 February, updating the standard contractual clauses for international transfers to data processors outside the EU/EEA (hereinafter: decision). The new model clauses incorporate information security requirements and sub-contracting and liability concerns by striking a balance between company concerns and the rights of data subjects.
Court ruling on privacy aspects of geo-information Internet platform (April 1, 2010)
Along with forthcoming services like Google Maps, Google StreetView, Google Earth, and the like, comes the new era of geo-information Web sites. By combining electronic maps with photos and data such as street names, company addresses, descriptions of public buildings, and other points of interest—even the menu of the restaurant at the corner—comprehensive "virtual" realities are created.
10 in 2010: A chat with Alan Chapell, president of Chapell & Associates, LLC (April 1, 2010)
In our continuing series to celebrate the IAPP’s tenth anniversary, this month we check in with long-time member and prolific Privacy Advisor contributor Alan Chapell. Prior to his career in privacy, Alan made a living as a musician. Today he parlays his creative energy into his consulting firm. So, how does one go from rockin’ out on stage with the likes of Echo and the Bunnymen to being appointed privacy ombudsman on some of the largest bankruptcy cases in the U.S.?