Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
Notes from the Executive Director (June 1, 2010)
Let no one say that our world is getting less complex. Our June delegate tour through Europe revealed quite the opposite.
Ubiquitous biometrics (June 1, 2010)
At a recent biometrics conference, Dr. Myra Gray, the director of the Department of Defense Biometrics Task Force, discussed the impending arrival of “ubiquitous biometrics.“ She emphasized that biometrics are being widely used for national security, physical access control, and individual identification for countless types of transactions. As this particular conference was focused on implementation of Homeland Security Directive 24 mandating interoperability between certain governmental biometric systems, she and others spoke of the value of ubiquitous biometrics for national security and everyday conveniences.
Winning support from senior management and others (June 1, 2010)
This article is the third in a series contributed by MediaPro, Inc., in which privacy and data protection thought leaders from leading organizations share best practices for addressing the human factor in compliance and data protection programs and implementing a successful privacy and data security awareness and training initiative.
Promoting privacy to your IT group: The CIPP/IT pilot project (June 1, 2010)
“I found that by preparing for the CIPP/IT certification I was able to develop an appreciation and a level of awareness for privacy I didn’t have before. I believe this awareness will allow me to think broader and consider impacts beyond the immediate solutions.“ — Employee, Walmart Stores, Inc.
Amended German data protection law requires new agreements with data processors (June 1, 2010)
The German data protection law was revised in 2009 and obliges parties to data processing agreements to include into their contracts clauses on breach notifications, audit rights, subcontracting, and a couple of other aspects.
Privacy and the Vancouver Olympics: Games over, cameras going away (June 1, 2010)
The 2010 Vancouver Winter Olympics marked the first time the games would be held on the North American continent in the post-9/11 world of enhanced security considerations after the terrorist attacks against the United States. With the games came increased concerns about protecting the international athletes and visitors who would flock to Vancouver to take part in the Olympics, and with those concerns came the need to balance personal privacy with personal safety.
10 in 2010: A chat with Kathleen Street, Privacy Officer, Children's Health System (June 1, 2010)
As part of a yearlong celebration of the IAPP’s tenth anniversary, this month the Privacy Advisor chats with member and privacy officer for Children’s Health System in Birmingham, Alabama, Kathleen Street.
Cloud computing paper (June 1, 2010)
In March 2010, the Office of the Privacy Commissioner of Canada (OPC) published a paper that discusses the privacy issues raised by the increasing use of cloud computing, including issues related to jurisdiction, security, misuse of data, data retention, and lawful access.
Federal Ministry of the Interior: Guidelines for new employee privacy law (June 1, 2010)
As announced by the German Federal Government in its privacy work program that formed part of its coalition agreement (see the Global Privacy Dispatch in the January issue of the Privacy Advisor), the German Federal Ministry of the Interior (Bundesinnenministerium - BMI) published on March 31 first guidelines for a new section on employee privacy rules to be introduced into the German Federal Data Protection Act (FDPA).
Internet privacy in Poland: Best practices code in the making (June 1, 2010)
The Polish celebration of the Fourth International Data Protection Day on January 28 was marked by the signing of an agreement between the Inspector General for Personal Data Protection (DPA) and ‘the Interactive Advertising Bureau Polska’ (IAB Poland), the Internet industry employers’ association in Poland. The agreement aims at developing a best practices code for Internet privacy.
Mandatory data-wipe for electronic devices? (June 1, 2010)
Manufacturers of electronic equipment should be forced to integrate into their devices an easy and free way to delete all personal data, says the European Data Protection Supervisor (EDPS). In addition, the sale of used devices that have not been properly wiped should be prohibited.
JPCA launches Puraken test (June 1, 2010)
The Japan Privacy Consultants Association (JPCA), in collaboration with academic and industry interests, has launched a new privacy test—Puraken. The test is designed to help consumers, especially younger consumers, gain knowledge about online privacy.
Privacy papers for policy makers (June 1, 2010)
The Future of Privacy Forum has launched a project designed to inform policymakers about important privacy issues. The FPF will accept submissions for the “Privacy Papers for Policy Makers” project through July 15.
Zeltzer Hutnik named partner (June 1, 2010)
Kelley Drye & Warren LLP has elected Alysa Zeltzer Hutnik as a partner at the firm’s Washington, DC offices. Zeltzer Hutnik is a member of Kelley Drye’s advertising and marketing, and privacy and information security practice groups.