Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
New European Standard Contractual Clauses for data processors (May 11, 2010)
In February 2010, the European Commission approved new Standard Contractual Clauses for the transfer of personal data to processors outside the European Economic Area (New Processor Clauses). At the same time, the commission repealed its 2001 decision approving a predecessor version of such clauses (Old Processor Clauses) effective May 15, 2010. As a result, multinational organizations will consider updating their group-internal and external contracts relating to data processing and service providers can expect requests from their customers to sign updated forms.
Notes from the Executive Director (May 1, 2010)
As I write, we are busy with final preparations for the IAPP Canada Privacy Symposium in Toronto. Soon after, we’ll head to Silicon Valley and then Berlin, Brussels and Paris for this year’s European delegate tour. A year that started off with a bang continues to gain momentum. By the end of 2010, we’ll have hosted more events and programs than in any other year in our decade-long history.
Privacy and security considerations for EHR incentives and “meaningful use” (May 1, 2010)
One of the American Recovery and Reinvestment Act of 2009’s (ARRA) (Pub. L. No. 111-5) areas of emphasis is expanding the use of health information technology, both in terms of storing and managing medical records in electronic form and in terms of facilitating the exchange of information contained in such records. The Recovery Act included significant funding to provide incentive payments to healthcare providers to adopt electronic health record (EHR) technology; these incentives require eligible providers not only to acquire and install systems, but also to demonstrate “meaningful use” of electronic health records (§4101).
Risks associated with creating a new information asset (May 1, 2010)
The creation of new information assets (e.g. databases) offers the potential for greater collaboration, efficient work, new discoveries, and accomplished objectives. These benefits often overshadow the risks arising from a lack of due consideration about resource availability, privacy, business continuity, and organizational reputation.
10 in 2010: A chat with Suzanne Rodway, Group Privacy Director, Barclays Bank (May 1, 2010)
In our continuing series to celebrate the IAPP’s tenth anniversary, this month we check in with Suzanne Rodway. As group privacy director for Barclay Bank, Suzanne is responsible for overseeing compliance with privacy, data protection, and freedom of information laws worldwide. Barclay received the HP-IAPP 2009 Privacy Innovation Award in the large organization category for its cross-company approach to privacy. The Privacy Advisor
chatted with Suzanne about new privacy challenges and how she’s helping her organization—and others—rise to meet them.
What’s a former commissioner to do? (May 1, 2010)
Pamela Jones Harbour ended her term as a Federal Trade Commissioner on April 6. In the weeks leading up to her departure she reflected on the changes she has seen during her term, shared some of her plans for the future and discussed how the privacy landscape may look in the years to come. Harbour’s responses to these questions reflect her own views and not necessarily those of the FTC or any other individual commissioner.
Argentine judge holds Google and Yahoo liable for posting of third-party content (May 1, 2010)
An Argentine civil judge held Google and Yahoo liable for content posted by third parties to a Web site, rejecting the companies’ defenses that they were mere intermediaries, therefore not responsible for the actions of the Web site linking the name of the plaintiff to pornographic and female-escort Web sites without her consent.
ECJ declares German data protection supervision unlawful (May 1, 2010)
On March 9, 2010 the European Court of Justice ruled that by making the state authorities responsible for monitoring the processing of personal data by non-public bodies subject to state scrutiny, and by thus incorrectly transposing the requirement that those authorities perform their functions “with complete independence,” Germany failed to fulfill its obligations under Directive 95/46/EC.
Burden of proof re faulty address data (May 1, 2010)
On February 17, 2010, the Regional Court of Duesseldorf issued a judgment on the requirements for proving defects of address data that have been purchased for telephone marketing purposes.
Supreme Court: anonymity is constitutional right (May 1, 2010)
The Israeli Supreme Court settled a longstanding District Court split in March, holding that online anonymity is a constitutional right derived from the right to privacy and free speech.
Mexico passes Federal Data Protection Act (May 1, 2010)
After nine years of intense efforts and constant lobbying, the Federal Data Protection Act has been approved in Mexico. On April 27, 2010, the Senate unanimously approved the Federal Data Protection Act fulfilling the duty of the Mexican Constitution and international standards on the matter.
The Privacy Dividend Report (May 1, 2010)
The UK Information Commissioner, Christopher Graham, has launched the Privacy Dividend Report, which provides organizations with a financial case for data protection best practice.
Criminal case against BT being considered (May 1, 2010)
Following the European Commission’s legal proceedings against the UK for failing to take any action over behavioral targeting, the Crown Prosecution Service is working on a potential criminal case against BT over its trials of Phorm’s system.